Jump to content

LiveUpdate.exe "Bad Image" Error Popups


Recommended Posts

Hello:

 

I'm new to this but I seem to have a somewhat common problem around here. I've been getting many error popups for some time now saying that I have a missing security.dll.

 

I've run malwarebytes anti malware and have still been getting this problem.

 

Here are my logs from FRST

 

FRST.txt

 

Addition.txt

 

I've already removed utorrent (during the scan, so if it shows up, I've already removed it)

 

Thanks in advance.

 

(I couldn't make this post with the copy-and-pasted logs because it was giving me an error saying the post was too long, so they are attached).

Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=====================

Lets check for any adware/spyware now:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Last..................

Please Update and run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

Let me know how it is.....MrC

fixlist.txt

Link to post
Share on other sites

Hi MrC.

 

Thanks for the quick response

 

I am still getting the error message after doing everything above (even before i log into my account, right after restarting)

 

attached is my fixlog.txt

 

and here is the copy pasted adwcleaner[s0].txt

 

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 20:53:10
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : Daniel - DANIEL-LAPTOP
# Running from : C:\Users\Daniel\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\pokki
Folder Deleted : C:\Program Files (x86)\LenovoBrowserGuard
Folder Deleted : C:\Users\Daniel\AppData\Local\torch
Folder Deleted : C:\Users\Daniel\AppData\Local\LenovoBrowserGuard
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\obciceimmggglbmelaidpjlmodcebijb
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\LenovoBrowserGuard
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [4180 bytes] - [06/08/2015 20:48:44]
AdwCleaner[s0].txt - [4091 bytes] - [06/08/2015 20:53:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4150  bytes] ##########
 

Fixlog.txt

Link to post
Share on other sites

Here is my malwarebyte scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/6/2015
Scan Time: 5:54 PM
Logfile: malwarebyte scan2.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.08.06.07
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Daniel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404238
Time Elapsed: 33 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll, Good: (), Bad: (C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll),Replaced,[1c83a461cac1af87d22e878f4fb4e818]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll, Good: (), Bad: (C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll),Replaced,[edb210f5018a1d1921df3adcb05335cb]
 
Folders: 0
(No malicious items detected)
 
Files: 12
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYD549E.tmp.1438909131\HTA\install.1438909131.zip, Quarantined, [57482adb1d6e4de9629695dbc04507f9], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYD549E.tmp.1438909131\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [574825e05b30ab8bec0c0769a560966a], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYD5798.tmp.1435689351\HTA\install.1435689351.zip, Quarantined, [138c09fcf497d165768290e06c9917e9], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYDA24.tmp.1435596204\HTA\install.1435596204.zip, Quarantined, [fea119ece4a7063040b8bdb3dc29738d], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYDA24.tmp.1435596204\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [6c33fa0bc6c53402a15797d9c1448f71], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYDAE09.tmp.1435596181\HTA\install.1435596181.zip, Quarantined, [aaf55da81774cc6a04f4f47c38cd9b65], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYDAE09.tmp.1435596181\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [653ae3224645f04637c1fc7410f5eb15], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYDFAA6.tmp.1438909108\HTA\install.1438909108.zip, Quarantined, [0c9352b36c1fc571c335234d897cf50b], 
PUP.Optional.OpenCandy, C:\Users\Daniel\AppData\Local\Temp\HYDFAA6.tmp.1438909108\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [069982837e0dd264cf298ee25baae41c], 
VirTool.Obfuscator, C:\Users\Daniel\Downloads\SleepD+15TR-LNG_V1.4.rar, Quarantined, [d1ce679ed0bb81b5fd4f097ca45cc040], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll, Quarantined, [1c83a461cac1af87d22e878f4fb4e818], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll, Quarantined, [edb210f5018a1d1921df3adcb05335cb], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Furthermore, I have attached the rescanned FRST and addition.txt
 
Thanks.
 
 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Please uninstall this program: (if possible)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.122 - IObit)

===========================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Reboot and let me know how it is, MrC

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.