Chrome_Elf Dll Is Missing Error



#76
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

We can try to zip it up with FRST.

 

I don't know where the file is located but let's assume it's in the same folder as FRST so its path would be:

 

C:\Users\R\Downloads and if the file is called logfile.pml then the full path would be:  C:\Users\R\Downloads\logfile.pml

 

Open notepad and type:

zip: C:\Users\R\Downloads\logfile.pml

File, Save, fixlist, (to the C:\Users\R\Downloads folder) OK.  This should create the file C:\Users\R\Downloads\fixlist.txt

 

Now run FRST and hit Fix.  The fixlog will tell you what file name the zip has.

 

This should be smaller than 100 M.


  • 0



#77
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Even though I did what you told me to do, it's still over 100mb; however, it's smaller than it used to be before, from 1gb+ to 1.27mb.


  • 0

#78
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

I found an alternate website which allows me to upload files that are over 100MB; the website is from filedropper.

 

http://www.filedropp.../03032017214719


  • 0

#79
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Good work.  I've got the file.  Will take a while to go through it. 


  • 0

#80
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Let's turn off prefetch and superfetch.  The first instance of IE is in a prefetch file and there is also something odd in another .pf file.

 

First suspend IE with Process Explorer.

 

Then download the attached pf.zip and save it.  Right click on it and Extract All.  Right click on pf.reg and Merge.

Attached File  pf.zip   361bytes   27 downloads

 

Then download the attached fixlist and save it then run FRST and Fix.

Attached File  fixlist.txt   422bytes   28 downloads

 

Reboot.

 

Does it still start up IE?


  • 0

#81
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Hello, 

 

So, after I did what you told me to do in your reply and rebooted, I checked Process Explorer and saw that IE is no longer running on its own, and I am able to open Google Chrome again without getting the error, although my laptop is running somewhat slow for some reason, and my IE browser is completely gone from the desktop and start menu, although it's still inside my laptop somewhere.


  • 0

#82
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

The slowness is probably because we turned off prefetch.  We can try to turn it back on and see what happens.

 

Download and Save the attached pfon.zip file.  Right click on it and Extract All, Extract.  Then right click on pfon.reg and Merge.  

 

Then reboot.

 

 

See if this helps for the IE icon:

 

http://www.pcworld.c...96/Windows.html

 

If not just right click on the desktop somewhere and select New, Shortcut.   The Location is:

"C:\Program Files\Internet Explorer\iexplore.exe"

Next.

You can rename it from iexplore.exe to Internet Explorer if you like.

Next.

 

Then right click on it and select Properties.

 

Then make it look like:

 

 

ieIcon.JPG

 

If it doesn't have the correct picture just click on Change Icon and select one.

 

Attached Files

  • Attached File  pfon.zip   367bytes   24 downloads

  • 0

#83
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Alrighty, seems like everything else is working normally as they should be, is there anything else we should do, or are we finished? 


  • 0

#84
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

That was a tough one.  Thanks for your patience.  I guess we can clean up now.

 

 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.  (as well as  Process Monitor's giant logs.  Be sure to empty your Recycle Bin)
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
 
Ron
 
PS.  Thanks again for submitting the first file for the developer.  He was able to quickly isolate the problem and has already made a change in the tool so that it won't happen again.  This is what he said,

This particular and the similar cases are fixed. Should there be other cases please upload the "Software" hive from FRST back ups.

 
 
Just for your information, the mwlDaemon entry contained many trailing null characters followed by many spaces. I have no idea if this is intended by the vendor or a bug in the software. I see no logical purpose for this. You would not see this if you open regedit to see the value data or if you export it. Regedit.exe breaks the data entry from the first trailing null character.
The presence of those null characters triggered a rare bug in one of the basic Autoit functions (StringRegExpReplace). It happened when FRST attempted to parse the whitelisted entries. Running FRST without whitelisting registry, would not trigger the bug.
I have no access to the function and can't debug it. To overcome this and similar cases when a value data of REG_SZ type contains null characters, FRST replaces them with star "*" character. In this case you see the following entry in the log:
 
 
Quote
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe**************************************************************                                                                               (the data entry has 65 more characters).
 
 
 

 

 


  • 1
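As an added example (not FRST's code and not part of the original posts), this Python check shows the effect the developer describes: a REG_SZ value whose data continues past the first null character, what a viewer that stops at that null would display, and the same data with nulls rendered as "*". It assumes the raw value bytes were already obtained from a hive parser; the function names and all sample values other than the mwlDaemon path are constructed.

```python
# Added example: audit raw REG_SZ data for embedded NUL characters.
# All sample values below are constructed for illustration.

def decode_reg_sz(raw: bytes) -> str:
    """Decode REG_SZ bytes (UTF-16LE) in full, dropping only one terminator."""
    if len(raw) % 2:                       # odd length: ignore the dangling byte
        raw = raw[:-1]
    text = raw.decode("utf-16-le", errors="replace")
    return text[:-1] if text.endswith("\x00") else text

def audit_reg_sz(raw: bytes) -> dict:
    body = decode_reg_sz(raw)
    visible = body.split("\x00", 1)[0]     # what a NUL-terminated reader displays
    hidden = body[len(visible):]           # everything such a reader never shows
    return {
        "visible": visible,
        "embedded_nuls": body.count("\x00"),
        "hidden_chars": len(hidden),
        # Anything besides NUL/space padding after the first NUL deserves a look.
        "hidden_text": hidden.strip("\x00 "),
        # NULs rendered as '*' so the full data can be written to a text log.
        "masked": body.replace("\x00", "*"),
    }

def reg_sz(text: str) -> bytes:
    """Helper: encode a constructed string the way REG_SZ stores it."""
    return (text + "\x00").encode("utf-16-le")

PATH = r"C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
PADDED = reg_sz(PATH + "\x00" * 10 + " " * 20)        # NULs then spaces
CLEAN = reg_sz(r"C:\Windows\System32\example.exe")    # ordinary value
CARRIER = reg_sz(PATH + "\x00" + " /constructed-arg")  # text after a NUL

if __name__ == "__main__":
    for name, raw in (("padded", PADDED), ("clean", CLEAN), ("carrier", CARRIER)):
        r = audit_reg_sz(raw)
        print(name, r["embedded_nuls"], r["hidden_chars"], repr(r["hidden_text"]))
```
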

#85
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Alrighty, 

 

Removed all tools + logs, and thank you for the advice. If I have another problem with malware/viruses, I'll come back for sure, and thank you for helping me get rid of the nasty stuff in my laptop. Have a great weekend.


  • 0



#86
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

If you have another problem just reply to this post.  Unlike most of the others on this site I never lock posts so it should be still open.  If not send me a PM.


  • 0

#87
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Just realized we probably didn't go back in to msconfig and recheck everything and in to Task Scheduler and reenable.


  • 0

#88
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

No worries, I've already enabled most of things in the msconfig / enabled all tasks in the Task Scheduler, other than that, everything else is working as they should be. 


  • 0

#89
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

OK.  If there is something you don't want - it's better to uninstall it.  Note that if there is something unchecked in msconfig when you try to uninstall it then it won't get completely uninstalled.


  • 0

#90
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Hello again, 

 

Not sure if we've managed to solve that problem regarding Internet Explorer, because just recently I used CCleaner to clean up junk in my laptop and saw that there were a few files in the history, even though I haven't used it for a long while. Also, I think I may have downloaded something along with some stuff, and would like to have help with this. Thanks.


  • 0





