
Can't open any programs except photoshop not even OTL
Started by neataznyam, Mar 21 2012 10:25 PM
#106
Posted 21 April 2012 - 03:55 AM

#107
Posted 21 April 2012 - 10:41 AM

It says you posted at 2:55. Perhaps we should have got someone who lives in Hawaii.
Anyway see if you can do:
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. (Or get into Command Prompt any way you can) Type with an Enter after each line:
sfc /scannow
(Once this finishes - Does it finish?)
cd \windows
copy regedit.exe regedit.com
regedit.com
(Are you able to get into the registry editor? Leave it running and get back to me.)
#108
Posted 21 April 2012 - 12:17 PM

well it says 1 file copied and it did scan. After I typed in the last regedit.com nothing happened, just went back to c:\windows if that's what was supposed to happen.
Edited by neataznyam, 21 April 2012 - 12:17 PM.
#109
Posted 21 April 2012 - 12:49 PM

No. Was hoping we could get the registry editor to come up.
Copy this line:
reg delete HKEY_CURRENT_USER\SOFTWARE\Classes\exefile
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
Do you get an error? What does the error say?
When you right clicked on the unhookexe.inf file did you have an option to Merge?
#110
Posted 21 April 2012 - 01:39 PM

If reg delete fails then see if you can create and boot off the PC Regedit CD they talk about midway on this page:
http://www.raymond.c...ing-in-windows/
Start with:
1. Download PC Regedit
They give you some info on how to burn the CD but the easiest way is with the free iso burner:
http://www.freeisoburner.com/
If you can get it to boot then you probably need to have it open C:\Users\henry\NTUSER.DAT or USRCLASS.DAT to find the HKEY_CURRENT_USER\SOFTWARE\Classes\exefile which we want to delete.
If you can't get that to work then try the Windows Defender Offline program:
http://windows.micro...efender-offline
Apparently if MSSE finds a problem it can't handle it tells the user to run Windows Defender Offline but I don't think you need MSSE to run it. The nice thing about it is it does not need a second program to burn a CD or create a bootable USB drive. There is a separate program for 32 and 64 bit systems. You will need the 64 bit version. Then you have a choice of blank CD or a USB drive or .iso file. You boot off the CD or USB and it gives you some choices (Quick Scan and Full Scan if I remember correctly - may be other choices). Then it scans your system and fixes anything it knows how to fix but I think it asks permission so you can't just let it run overnight.
#111
Posted 21 April 2012 - 04:33 PM

well I deleted the file, it said successfully completed operation
Edited by neataznyam, 21 April 2012 - 04:37 PM.
#112
Posted 21 April 2012 - 04:39 PM

for unhook I didn't see a merge when I right clicked but I saw install
#113
Posted 21 April 2012 - 04:57 PM

Interesting that it lets reg work. Did that make a difference in running other exe files?
Right click on a file that won't run and select Properties then look if it says anything about the file being blocked. Click on Unblock. See if it will run now.
Try copying the next line and pasting it into a command prompt as before.
reg export "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "%userprofile%\Desktop\ifeo.txt"
It should create a file called ifeo.txt on your desktop. If so please attach the file to your next post.
#114
Posted 21 April 2012 - 05:54 PM

here you go
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acrobat.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcrobatInfo.exe]
"DisableExceptionChainValidation"=dword:00000000
@=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"=dword:00000001
"mscorwks.dll"=dword:00000001
"mso.dll"=dword:00000001
"msjava.dll"=dword:00000001
"msci_uno.dll"=dword:00000001
"jvm.dll"=dword:00000001
"jvm_g.dll"=dword:00000001
"javai.dll"=dword:00000001
"vb40032.dll"=dword:00000001
"vbe6.dll"=dword:00000001
"ums.dll"=dword:00000001
"main123w.dll"=dword:00000001
"udtapi.dll"=dword:00000001
"mscorsvr.dll"=dword:00000001
"eMigrationmmc.dll"=dword:00000001
"eProcedureMMC.dll"=dword:00000001
"eQueryMMC.dll"=dword:00000001
"EncryptPatchVer.dll"=dword:00000001
"Cleanup.dll"=dword:00000001
"divx.dll"=dword:00000001
"divxdec.ax"=dword:00000001
"fullsoft.dll"=dword:00000001
"NSWSTE.dll"=dword:00000001
"ASSTE.dll"=dword:00000001
"NPMLIC.dll"=dword:00000001
"PMSTE.dll"=dword:00000001
"AVSTE.dll"=dword:00000001
"NAVOPTRF.dll"=dword:00000001
"DRMINST.dll"=dword:00000001
"TFDTCTT8.dll"=dword:00000001
"DJSMAR00.dll"=dword:00000001
"xlmlEN.dll"=dword:00000001
"ISSTE.dll"=dword:00000001
"symlcnet.dll"=dword:00000001
"ppw32hlp.dll"=dword:00000001
"Apitrap.dll"=dword:00000001
"Vegas60k.dll"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
"DisableUserModeCallbackFilter"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe]
"CWDIllegalInDllSearch"=dword:ffffffff
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe]
"CWDIllegalInDllSearch"=dword:ffffffff
#115
Posted 21 April 2012 - 07:02 PM

Try copying the next line and pasting it into a command prompt as before.
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%userprofile%\Desktop\LMRun.txt"
It should create a file called LMRun.txt on your desktop.
Let's see if we can get it to delete the malware entries now that we have a backup copy.
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob
if that seems to work
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v xmlimig
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v dplaysvr
Then
reg export HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "%userprofile%\Desktop\CURun.txt"
It should create a file called CURun.txt on your desktop.
reg delete HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob
reg delete HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v xmlimig
reg delete HKEY_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v dplaysvr
reg export "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" "%userprofile%\Desktop\Winlogon.txt"
Attach or copy and paste "Winlogon.txt"
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "%userprofile%\Desktop\LMPolicies.txt"
Attach or copy and paste "LMPolicies.txt"
reg export "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "%userprofile%\Desktop\CUPolicies.txt"
Attach or copy and paste "CUPolicies.txt"
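A way to check an exported Run key before deleting anything, as an added example that is not part of the original post: it parses the text that reg export writes (UTF-16LE with a byte-order mark, or ANSI for older files) and lists the Run values named above. The sample export, its value data and the function names are constructed for illustration.

```python
import re

# Run-key value names the helper asks to delete in this thread.
SUSPECT_VALUES = {"devicemob", "xmlimig", "dplaysvr"}

def decode_export(raw: bytes) -> str:
    """reg export writes UTF-16LE with a BOM; REGEDIT4-style files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def _unquote(token: str) -> str:
    # Strip surrounding quotes and undo the .reg backslash escapes.
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token  # dword:/hex: data is kept as written

def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: data}} for exported .reg text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex: lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
            current[name] = _unquote(m.group(2))
    return keys

def flag_run_values(keys: dict) -> list:
    """List (key, name, data) for Run-key values named in the thread."""
    return [(path, name, data)
            for path, values in keys.items()
            if path.lower().endswith(r"\currentversion\run")
            for name, data in values.items()
            if name.lower() in SUSPECT_VALUES]

# Constructed sample export (not taken from the thread); paths are placeholders.
SAMPLE_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\""
"devicemob"="C:\\Users\\Public\\placeholder.exe"
'''
SAMPLE = b"\xff\xfe" + SAMPLE_TEXT.encode("utf-16-le")

if __name__ == "__main__":
    for hit in flag_run_values(parse_reg(decode_export(SAMPLE))):
        print(hit)
```

To use it on a real backup, read the exported file in binary mode and pass the bytes to decode_export.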
#116
Posted 21 April 2012 - 07:33 PM

the first line I pasted I got a message about windows\system32\mscoree.dll saying this file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the default programs control panel.
#117
Posted 21 April 2012 - 07:35 PM

I did reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob and when it asks yes or no I keep putting yes and it keeps asking me the same question, the same thing happened with the following entries
Edited by neataznyam, 21 April 2012 - 07:38 PM.
#118
Posted 21 April 2012 - 07:42 PM

Can you uninstall your AdAware and SuperAntiSpyware? One of them may be causing us problems. We may need to reset the permissions on the registry.
Can you get the reg export lines to work? Please copy and paste any you can get.
#119
Posted 21 April 2012 - 07:44 PM

okay I got the lmrun file, do I just paste what's inside there to the command prompt because that's what I did and it said adobeaamupdater-10" is not recognized as an internal or external command, operable program or batch file.
#120
Posted 21 April 2012 - 07:47 PM

You can also try adding a /f. Then it shouldn't ask for a yes or no.
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v devicemob /f






