Can't Acess Any programs or get online.

Discussion in 'Malware Help (A Specialist Will Reply)' started by mahlerosa, Jul 27, 2013.

  1. mahlerosa

    mahlerosa Private E-2

    Suddenly I cannot double click on ANY program. All of my shortcuts are gone from the task bar. I tried running Malware bytes and it will not run when double clicked, If I right click I get a Run-Time error "372". Failure to load control "weBrowswer" from irframe.dll. I am on an alternate computer as I cannot get on line with the effected computer. I cannot fun the protocol for removal as I can't get Chrome or Firefox to open. I have tired deleting IE but not sure I was successful. I cannot open or run anything in safe-mode either.
    I am running XP.
    stressed and feeling screwed.. mahlerosa
     
    mahlerosa, Jul 27, 2013
    #1
  2. mahlerosa

    mahlerosa Private E-2

    Thru Dell I was able to repair windows and got Firefox to open so I could use your removal cleaning procedures.
    I am also not able to install Malwarebytes Anti-malware. I get a Run-time error 1_2147024769 (8007007f) Automation error.
     

    Attached Files:

    Last edited: Jul 27, 2013
    mahlerosa, Jul 27, 2013
    #2
  3. mahlerosa

    mahlerosa Private E-2

    another problem I have discovered is that I cannot pin shortcuts to the taskbar anymore.
     
    mahlerosa, Jul 28, 2013
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=24A8B8AC6FABDE8C&affID=119351&tsp=4956
    R3 - URLSearchHook: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
    O2 - BHO: CrossriderApp0033254 - {11111111-1111-1111-1111-110311321154} - C:\Program Files\Safe Saver\Safe Saver-bho.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.7\pdfforgeToolbarIE.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.7\pdfforgeToolbarIE.dll

    After clicking Fix, exit HJT.

    Now uninstall the below programs:
    Java(TM) 6 Update 20
    pdfforge Toolbar v6.7
    Safe Saver
    Now install the current version of Sun Java from: Sun Java Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.

    Note that I'm not too sure I trust Open It! that you installed around the same time you got all this other junk installed. Are you sure you trust it????

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
explorer.exe
:Files
C:\Documents and Settings\Mahlerosa\Local Settings\Temp\is357113909\20508140_Setup.EXE
C:\Documents and Settings\Mahlerosa\My Documents\Downloads\ZipOpenerSetup.exe
C:\Documents and Settings\Mahlerosa\Local Settings\Temp\ish20506421
C:\Documents and Settings\Mahlerosa\Local Settings\Temp\is357113909\DefaultTabSetup.exe
C:\Documents and Settings\Mahlerosa\Application Data\DefaultTab
C:\Documents and Settings\Mahlerosa\Application Data\DSite
C:\Documents and Settings\Mahlerosa\Application Data\Babylon
C:\Documents and Settings\All Users\Application Data\Babylon
C:\Documents and Settings\Mahlerosa\Application Data\BabSolution
C:\Documents and Settings\Mahlerosa\Application Data\Mozilla\Firefox\Profiles\182nyv3a.default\searchplugins\babylon.xml
C:\Program Files\Safe Saver
C:\WINDOWS\Tasks\Safe Saver-codedownloader.job
C:\WINDOWS\Tasks\Safe Saver-enabler.job
C:\WINDOWS\Tasks\Safe Saver-updater.job
C:\Documents and Settings\Mahlerosa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mehnejgknjfgfdmijlaloodhdgnbgdgn
C:\WINDOWS\Temp\*.*
C:\Documents and Settings\Mahlerosa\Local Settings\Temp\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Mahlerosa^Start Menu^Programs^Startup^Advanced Registry Optimizer.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_USERS\S-1-5-21-2830206439-242661526-2777770831-1005\Software\DataMngr]
[-HKEY_USERS\S-1-5-21-2830206439-242661526-2777770831-1005\Software\DataMngr_Toolbar]
[-HKEY_USERS\S-1-5-21-2830206439-242661526-2777770831-1005\Software\delta LTD]
[-HKEY_USERS\S-1-5-21-2830206439-242661526-2777770831-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}])
[-HKEY_USERS\S-1-5-21-2830206439-242661526-2777770831-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
"Backup.Old.DefaultScope"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{09C3E4E5-AD07-401D-A241-FE500CB5C3A7}\Non-Matches]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now you need to run MSconfig and put your PC into normal startup mode. You should not be using MSconfig as a permanent startup manager. It was not designed for that purpose. This hasbeen told to you in other threads. You need to stop using it like this. See the below:

    Dealing with Startup Processes


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXTlog
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Jul 28, 2013
    #4
  5. mahlerosa

    mahlerosa Private E-2

    I have to work on the start up process portion of your directions.
     

    Attached Files:

    mahlerosa, Jul 29, 2013
    #5
  6. mahlerosa

    mahlerosa Private E-2

    I am still have a problem with links. If I click on a hyper-link in an e-mail in outlook I get the attached picture. I have another program which I click a hyperlink to get on line and when I click nothing happens.
    I am also not able to install Malwarebytes Anti-malware. I get a Run-time error 1_2147024769 (8007007f) Automation error.
    Thnx! Michelle
     

    Attached Files:

    mahlerosa, Jul 29, 2013
    #6
  7. mahlerosa

    mahlerosa Private E-2

    Another problem I have discovered is that now windows search does not work.
     

    Attached Files:

    Last edited: Jul 29, 2013
    mahlerosa, Jul 29, 2013
    #7
  8. mahlerosa

    mahlerosa Private E-2

    I think I have fixed the 2 issues from below. But am curious if you know what this box is? It opens when my computer fist comes on. It has not always been there so am concerned.
    Thnx!! mahlerosa
     

    Attached Files:

    mahlerosa, Jul 29, 2013
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know what you are referring to, but you are supposed to follow all instructions as written and in the order written!

    Your logs are clean. You problems with Windows search should be posted in the Software Forum. I do not know what that popup you referred to is for but is for some program you are running. You could check to see if it continues to happen and check if it occurs in safe boot mode too.

    The problem you are having with Malwarebytes should be posted in their forum. My guess is a registry entry or possibly a necessary update for Microsoft .NET Framework or another runtime library issue.
     
    chaslang, Jul 30, 2013
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds