stlb2.dll, 180 search assistant, popups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hlewis, Jan 11, 2005.

  1. hlewis

    hlewis Private E-2

    I can't seem to get rid of endless popups and every time I turn on my computer, I get "error loading stlb2.dll - the specified module can't be found". I also get a window with 180search Assistant Alert.

    After reading your forums, I've done the following:
    Downloading Tools; Download the following tools and save in your favorite download folder or create one, for example C:\Temp or C:\Downloads. And then install, update, and configure as indicated below. While this may seem like overkill, there currently is no one perfect removal tool. Because of this, to properly find and fix your problem, you need to try a variety of programs.

    Ad-Aware SE.......Install, click Check for Updates now and get any updates, then exit.
    Ad-Aware VX2 Cleaner Plug-In.....Install only
    CCleaner.............Install only, then exit
    Spybot................Install, do the search for updates now and get any updates, then exit.
    Spybot - Search and Destroy DSO Exploit Fix - Install this patch on top of Spybot to fix the DSO Exploit bug
    SpywareBlaster...Install, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. It does a great job of blocking known vulnerabilities as well as known malicious websites.
    McAfee AVERT Stinger.....No installation required! Ready to run as is.
    CWShredder......No installation required! Just unzip it to a folder.
    Kill2me..............No installation required! Just unzip it to a folder.
    about:Buster......No installation required! Just unzip it to a folder. Click Update & download any before scanning.
    HSRemove........No installation required! Ready to run as is.


    Your system is now ready to be properly scanned for spyware, trojans and viruses.

    Scanning And Cleaning Steps: (note steps 1 thru 4 are NOT optional!)

    1: Virus And Trojan Scanning (do not skip these two scans or you will be asked to run them before continuing)
    a) Win9x (Windows 95, 98, 98SE) users boot normal mode.
    do an online scan at Trend Micro's Free Online Virus Scan
    do an online scan at Symantec Security Check
    now boot in safe mode (and remain there) and run McAfee AVERT Stinger. See how to boot in safe mode below.
    b) And Windows XP, 2000, NT, ME, users boot in "safe mode with networking support" (and remain in there). See how to boot in safe mode below.
    do an online scan at Trend Micro's Free Online Virus Scan
    do an online scan at Symantec Security Check
    run McAfee AVERT Stinger
    NOTE: If using a non-IE browser, you can use Trend Micro's online scan with Java located HERE

    How to boot in safe mode: To boot into safe mode, restart your computer and tap the f8 key (after first black and white screen, but before the Windows splash screen) until you get to a black and white screen asking you what to do. With Windows XP, 2000, NT, ME: Use your arrow keys and select "safe mode with networking support".

    Booting in safe mode is important because best results are achieved since safe mode disables most drivers and running programs. If you have a problem for any reason trying to run these scans in safe mode, do them in normal boot mode but make sure you tell us that in any subsequent message you may need to post about your problem.

    2: Clean Your Hard Drive; Remove temporary internet and other files not needed with CCleaner. Run CCleaner with the default options to clean out temporary files. Optionally, check the clean "Delete Index.dat" checkbox.

    3: Main Spyware Scan And Removal; Scan your machine with Ad-Aware SE (remember to install the Ad-Aware VX2 Cleaner Plug-In for it) and Spybot. Look for the Immunize feature in Spybot and use it. Make sure you install the Spybot DSO Exploit patch before running a scan with Spybot.

    4: Secondary Spyware Scan And Removal: Other Removal Tools; Run the other programs you downloaded; CWShredder (make sure you select Fix), Kill2me


    I ran Hijackthis, but did not include it as you requested. If you need it though, I'll be happy to supply the log for you. If anyone can help me, I will greatly appreciate it. I've asked for help in so many other forums and no one will respond. I don't think they know what is wrong, so they're ignoring me. I thank you in advance for all your help.
     
    Last edited: Jan 11, 2005
  2. PhilliePhan

    PhilliePhan Guest

    Hi hlewis,

    Look in Add or Remove Programs for 180 Search and try to Uninstall it if found. Also look in your Program Files Folder. When you do this, make note of any other suspicious looking programs that you do not recognize and let us know what you find.

    Also, go ahead and send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. hlewis

    hlewis Private E-2

    Thank you so much for your help. I looked for the 180search in my programs folder and couldn't find it, however, I did find something else that was giving me grief. That was good. I ran hijack this and have attached it, like you requested. I sure hope that you can help me out with this. Thanks again. :eek:
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi Hlewis,

    I see a number of items in your log that need to be dealt with. I'll try to post a fix for you in the wee hours tonight when I get some free time. Just wanted to let you know so you don't wait around ;)

    But first, is this setting correct?
    O14 - IERESET.INF: START_PAGE_URL=http://www.mycompucity.com

    Do you know what this is?
    O4 - HKCU\..\Run: [Ouua] C:\Documents and Settings\589-8687 PCComputers\Application Data\ceua.exe

    Also, are there any O16 entries in your HJT log that you absolutely cannot live without?

    PP :)
     
  5. hlewis

    hlewis Private E-2

    Hi PP,

    Oh my goodness. Thanks so much for helping me. I've had this bug for so long, what's a few more days? ;)

    The following is absolutely NOT correct:
    O14 - IERESET.INF: START_PAGE_URL=http://www.mycompucity.com

    And this is the craziest thing.
    O4 - HKCU\..\Run: [Ouua] C:\Documents and Settings\589-8687 PCComputers\Application Data\ceua.exe
    I have NO idea what it is. I've googled it and come up with zero. I was hoping someone could tell me what it was.

    Regarding the O16 entries. There's not a thing there that I couldn't live without.

    Thanks again for taking the time to help me. I can relate to the wee hours. I've slept at my computer, trying to figure this out. Let me know what I should do with all the junk and I will happily fix it.
     
  6. PhilliePhan

    PhilliePhan Guest

    Hi HLewis,

    Happy to help :)

    Don’t know if KDX has the same sort of problems and malware concerns as traditional P2P stuff. I know Kontiki has issues, but I will leave it up to you whether or not to remove it.

    O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe ---> I do not know what this is, do you? Perhaps, instead of deleting it, you should rename the file supervisor.bad and see if it turns out that you do indeed need it for something. If you don't recognize it, fix the entry with HijackThis as well!


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them if possible:

    dglgf.exe
    mmups.exe
    d?dplay.exe


    Now scan with HijackThis and Check the Boxes for the following:

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {12EE7A5E-0674-42f9-A76A-000000004D00} - (no file)
    O2 - BHO: (no name) - {CCADABA3-351B-1FEA-3A03-6CB35D9F099F} - C:\WINDOWS\system32\gfqvofuh.dll

    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)

    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [dglgf] C:\WINDOWS\dglgf.exe
    O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKCU\..\Run: [Ouua] C:\Documents and Settings\589-8687 PCComputers\Application Data\ceua.exe
    O4 - HKCU\..\Run: [Gsjoa] C:\WINDOWS\system32\d?dplay.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O14 - IERESET.INF: START_PAGE_URL=http://www.mycompucity.com

    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab

    O23 - Service: ISEXEng - Unknown - C:\WINDOWS\system32\angelex.exe (file missing)


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\gfqvofuh.dll
    C:\WINDOWS\system32\d?dplay.exe
    stlb2.dll ---> Use Windows Explorer to find this one
    C:\WINDOWS\dglgf.exe
    C:\WINDOWS\mmups.exe
    O4 - HKCU\..\Run: [Ouua] C:\Documents and Settings\589-8687 PCComputers ---> If you don’t recognize the contents of this folder, I’d dump it.

    NOTE: I don’t know if this is a legitimate folder (589-8687 PCComputers), but, at the very least, ceua.exe should go. Let me know what you make of this guy!

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits --- Likely Wednesday night!

    Best luck :)
    PP
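
The fix list in the post above can be pre-sorted mechanically before a human reviews it. The following is an added example, not part of the original thread and not HijackThis's own logic: a small triage pass over HijackThis log lines. The four rules and the `triage` function name are assumptions chosen for illustration, and the sample lines are copied from the entries quoted in this thread.

```python
import re

# Constructed sample: entries copied from the fix list quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {12EE7A5E-0674-42f9-A76A-000000004D00} - (no file)
O4 - HKLM\..\Run: [dglgf] C:\WINDOWS\dglgf.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKCU\..\Run: [Ouua] C:\Documents and Settings\589-8687 PCComputers\Application Data\ceua.exe
O4 - HKCU\..\Run: [Gsjoa] C:\WINDOWS\system32\d?dplay.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\system32\angelex.exe (file missing)
"""

ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")                  # "O4 - <detail>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")  # hive, key, value name, command


def triage(log_text):
    """Return (section, detail, reasons) for each line matching a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        reasons = []
        # Registry entry whose target is gone: leftover from a partial removal.
        if detail.endswith("(no file)") or detail.endswith("(file missing)"):
            reasons.append("orphaned entry")
        run = RUN.match(detail) if section == "O4" else None
        if run:
            command = run.group(4)
            lower = command.lower()
            # DLL given without a path, so it is resolved through the search path.
            if lower.startswith("rundll32.exe ") and "\\" not in command:
                reasons.append("rundll32 with bare DLL name")
            # Executable auto-starting from the user's profile data folder.
            if "\\application data\\" in lower and lower.endswith(".exe"):
                reasons.append("autostart from Application Data")
            # '?' is not a legal Windows file-name character, so the real name
            # contains something the log could not render.
            if "?" in command:
                reasons.append("unrenderable character in file name")
        if reasons:
            findings.append((section, detail, reasons))
    return findings


if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {', '.join(reasons)}\n    {detail}")
```

The `dglgf.exe` Run entry matches none of these rules even though it is on the fix list, so a pass like this only orders the log for review and does not replace reading every line.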
     
  7. hlewis

    hlewis Private E-2

    Hi PP,

    Everything went well with one exception. I still have supervisor.exe but I can't find it on my computer. I ran a search and tried to find it with windows explorer but came up empty, yet it is still running. Viewing of hidden files is enabled. Any ideas?

    I'm also leaving the 589-8687 PCComputers on my computer. It holds my system folders. Its name was put on there by the store I purchased my computer from. It's their phone number and store name. I've tried to rename it but it won't let me.

    The good news is that the stlb2.dll error message is gone! Yay! You'll have to let me know how everything else looks. Whatever I need to do, I'm ready.

    Thanks for everything.
     


  8. PhilliePhan

    PhilliePhan Guest

    Hi Hlewis,

    I figured that was the case for 589-8687 PCComputers, but thought you'd recognize it immediately when asked ;) I imagine that they were responsible for the O14 line as well. Still, I didn't like seeing that ceua.exe running from Application Data - looked like a trojan. Did you remove it?

    Your HijackThis log looks OK. That supervisor.exe bugs me, though. You weren't able to find it in Windows directory? According to Pacman's list, it might be associated with some sort of anti-trojan app or the like. Are you running something like that? Is there something like that on your machine? (ATS or PCDoorGuard)
    If we deem it to be non-essential, I suppose we could delete it with Pocket KillBox, though I'd just as soon wait and see how your machine is running for a few days.

    So, how ARE things running?

    PP :)
     
  9. hlewis

    hlewis Private E-2

    PP,

    I've been wondering about the ceua.exe for quite a while now and am happy to have gotten rid of it. My computer is running like a charm. Thank you, thank you, thank you!!! I'm not getting any popups!

    Ya, the supervisor.exe thing is kind of weird. I found trojan hunter on my computer but the free trial period had run out, so I deleted it last night. I looked in the task manager this morning and it isn't running now, so I'm thinking that might have been what it was.

    I can't tell you how thankful I am for your help. I had gone on to so many other forums over the last several weeks and not one person attempted to help me. :mad: Not only did you reply but you fixed my computer! You are the greatest! :D
     
  10. PhilliePhan

    PhilliePhan Guest

    You're Welcome! Glad I could help :)

    Even though there are only a few of us here in the Spyware forum who offer advice on a regular basis, we try hard to respond to ALL posts asking for help.

    For future reference, you ought to take a peek at Chaslang's suggestions: How to Protect yourself from malware!

    Happy Computing :)

    PP
     
