Can't open any programs except photoshop not even OTL



#106
neataznyam


    Member

  • Topic Starter
  • 150 posts
well I still can't get OTL to work but I got into command prompt when we went into repair system
  • 0



#107
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
It says you posted at 2:55. Perhaps we should have got someone who lives in Hawaii.

Anyway see if you can do:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. (Or get into Command Prompt any way you can) Type with an Enter after each line:

sfc /scannow

(Once this finishes - Does it finish?)

cd \windows

copy regedit.exe regedit.com

regedit.com

(Are you able to get into the registry editor?  Leave it running and get back to me.)


  • 0

#108
neataznyam


    Member

  • Topic Starter
  • 150 posts
well it says 1 file copied and it did scan. After I typed in the last regedit.com nothing happened, just went back to c:\windows if that's what was supposed to happen.

Edited by neataznyam, 21 April 2012 - 12:17 PM.

  • 0

#109
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
No. Was hoping we could get the registry editor to come up.

Copy this line:

reg delete HKEY_CURRENT_USER\SOFTWARE\Classes\exefile

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Do you get an error? What does the error say?

When you right clicked on the unhookexe.inf file did you have an option to Merge?
  • 0

#110
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If reg delete fails then see if you can create and boot off the PC Regedit CD they talk about midway on this page:

http://www.raymond.c...ing-in-windows/

Start with:

1. Download PC Regedit


They give you some info on how to burn the CD but the easiest way is with the free iso burner:

http://www.freeisoburner.com/

If you can get it to boot then you probably need to have it open C:\Users\henry\NTUSER.DAT or USRCLASS.DAT to find the HKEY_CURRENT_USER\SOFTWARE\Classes\exefile which we want to delete.

If you can't get that to work then try the Windows Defender Offline program:

http://windows.micro...efender-offline

Apparently if MSSE finds a problem it can't handle it tells the user to run Windows Defender Offline but I don't think you need MSSE to run it. The nice thing about it is it does not need a second program to burn a CD or create a bootable USB drive. There is a separate program for 32 and 64 bit systems. You will need the 64 bit version. Then you have a choice of blank CD or a USB drive or .iso file. You boot off the CD or USB and it gives you some choices (Quick Scan and Full Scan if I remember correctly - may be other choices). Then it scans your system and fixes anything it knows how to fix but I think it asks permission so you can't just let it run overnight.
  • 0

#111
neataznyam


    Member

  • Topic Starter
  • 150 posts
well I deleted the file, it said successfully completed operation

Edited by neataznyam, 21 April 2012 - 04:37 PM.

  • 0

#112
neataznyam


    Member

  • Topic Starter
  • 150 posts
for unhook I didn't see a merge when I right clicked but I saw install
  • 0

#113
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Interesting that it lets reg work. Did that make a difference in running other exe files?

Right click on a file that won't run and select Properties then look if it says anything about the file being blocked. Click on Unblock. See if it will run now.


Try copying the next line and pasting it into a command prompt as before.

reg export "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "%userprofile%\Desktop\ifeo.txt"

It should create a file called ifeo.txt on your desktop. If so please attach the file to your next post.
  • 0

#114
neataznyam


    Member

  • Topic Starter
  • 150 posts
here you go

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acrobat.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcrobatInfo.exe]
"DisableExceptionChainValidation"=dword:00000000
@=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"=dword:00000001
"mscorwks.dll"=dword:00000001
"mso.dll"=dword:00000001
"msjava.dll"=dword:00000001
"msci_uno.dll"=dword:00000001
"jvm.dll"=dword:00000001
"jvm_g.dll"=dword:00000001
"javai.dll"=dword:00000001
"vb40032.dll"=dword:00000001
"vbe6.dll"=dword:00000001
"ums.dll"=dword:00000001
"main123w.dll"=dword:00000001
"udtapi.dll"=dword:00000001
"mscorsvr.dll"=dword:00000001
"eMigrationmmc.dll"=dword:00000001
"eProcedureMMC.dll"=dword:00000001
"eQueryMMC.dll"=dword:00000001
"EncryptPatchVer.dll"=dword:00000001
"Cleanup.dll"=dword:00000001
"divx.dll"=dword:00000001
"divxdec.ax"=dword:00000001
"fullsoft.dll"=dword:00000001
"NSWSTE.dll"=dword:00000001
"ASSTE.dll"=dword:00000001
"NPMLIC.dll"=dword:00000001
"PMSTE.dll"=dword:00000001
"AVSTE.dll"=dword:00000001
"NAVOPTRF.dll"=dword:00000001
"DRMINST.dll"=dword:00000001
"TFDTCTT8.dll"=dword:00000001
"DJSMAR00.dll"=dword:00000001
"xlmlEN.dll"=dword:00000001
"ISSTE.dll"=dword:00000001
"symlcnet.dll"=dword:00000001
"ppw32hlp.dll"=dword:00000001
"Apitrap.dll"=dword:00000001
"Vegas60k.dll"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
"DisableUserModeCallbackFilter"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe]
"CWDIllegalInDllSearch"=dword:ffffffff
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe]
"CWDIllegalInDllSearch"=dword:ffffffff
  • 0

#115
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Try copying the next line and pasting it into a command prompt as before.

reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%userprofile%\Desktop\LMRun.txt"

It should create a file called LMRun.txt on your desktop.

Let's see if we can get it to delete the malware entries now that we have a backup copy.

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob

If that seems to work

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v xmlimig

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v dplaysvr

Then

reg export HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "%userprofile%\Desktop\CURun.txt"


It should create a file called CURun.txt on your desktop.

reg delete HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob

reg delete HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v xmlimig

reg delete HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v dplaysvr



reg export "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" "%userprofile%\Desktop\Winlogon.txt"


Attach or copy and paste "Winlogon.txt"



reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "%userprofile%\Desktop\LMPolicies.txt"


Attach or copy and paste "LMPolicies.txt"



reg export "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "%userprofile%\Desktop\CUPolicies.txt"


Attach or copy and paste "CUPolicies.txt"
  • 0
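
Added example (not part of any post in this thread, and not a Geeks to Go tool): a small Python parser for the `reg export` text requested above that lists any Image File Execution Options subkey carrying a `Debugger` value and reports which of the three Run value names targeted by the `reg delete` lines are still present after a re-export. The `Debugger` check is an assumption about what to look for in such an export; the thread itself does not say. The sample data and placeholder paths are constructed.

```python
import re

# Value names RKinner's reg delete lines target (taken from the thread).
SUSPECT_RUN_VALUES = {"devicemob", "xmlimig", "dplaysvr"}
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def parse_reg_export(text):
    """Parse reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1) if m.group(1) is not None else "@"] = m.group(3)
    return keys

def ifeo_debuggers(keys):
    """Map image name -> data for IFEO subkeys that carry a Debugger value."""
    marker = "\\image file execution options\\"
    return {path.rsplit("\\", 1)[1]: data
            for path, values in keys.items() if marker in path.lower()
            for name, data in values.items() if name.lower() == "debugger"}

def remaining_run_values(keys):
    """Suspect value names still present under any ...\\CurrentVersion\\Run key."""
    return sorted(name for path, values in keys.items()
                  if path.lower().endswith("\\currentversion\\run")
                  for name in values if name.lower() in SUSPECT_RUN_VALUES)

# Constructed samples in the format of the exports posted above (paths are placeholders).
SAMPLE_IFEO = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"Debugger"="C:\\placeholder\\stub.exe"
'''
SAMPLE_RUN = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"devicemob"="C:\\placeholder\\a.exe"
"SomeUpdater"="C:\\placeholder\\b.exe"
'''

if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16").read()
    print(ifeo_debuggers(parse_reg_export(SAMPLE_IFEO)))
    print(remaining_run_values(parse_reg_export(SAMPLE_RUN)))
```
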



#116
neataznyam


    Member

  • Topic Starter
  • 150 posts
the first line I pasted I got a message about windows\system32\mscoree.dll saying this file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the default programs control panel.
  • 0

#117
neataznyam


    Member

  • Topic Starter
  • 150 posts
I did reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob and when it asks yes or no I keep putting yes and it keeps asking me the same question, the same thing happened with the following entries

Edited by neataznyam, 21 April 2012 - 07:38 PM.

  • 0

#118
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Can you uninstall your AdAware and SuperAntiSpyware? One of them may be causing us problems. We may need to reset the permissions on the registry.

Can you get the reg export lines to work? Please copy and paste any you can get.
  • 0

#119
neataznyam


    Member

  • Topic Starter
  • 150 posts
okay I got the lmrun file, do I just paste what's inside there to the command prompt because that's what I did and it said adobeaamupdater-10" is not recognized as an internal or external command, operable program or batch file.
  • 0

#120
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
You can also try adding a /f. Then it shouldn't ask for a yes or no.

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob /f
  • 0





