Runtime error 339 .. possible hack?

[aircanada]

Hey Guys,

I'm having problems opening Malwarebytes software. I get a runtime error 339 and says there is a problem with ieframe.dll

In addition earlier today my computer may have been hacked. As my volume controls were changing on its own, the cd/dvd drive was open/closing on its own. Random links were poping up on my screen. And after some time a remote chat opened up where someone started talking to me. He noticed sounds going on in my home, as he had mentioned them in the conversation. He also noticed when I muted my volume controls and mentioned that. My webcam light was on earlier as well, he may have been watching me?

I'm not too sure what's going on.

Any help would be awesome.

Thanks !

attach.txt

dds.txt

[Maniac]

Hello aircanada and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Probably watching you.

Step 1

Please uninstall the following applications:

Ask Toolbar

µTorrent

Delta Chrome Toolbar

Delta toolbar

ooVoo toolbar, powered by Ask.com Updater

Yontoo 2.053

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

Step 3

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Step 4

Please download AdwCleaner from here and save it on your Desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Step 5

• Download on the desktop RogueKiller
  
• Quit all programs
  
• Start RogueKiller.exe
  
• Wait until Prescan has finished ...
  
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Junkware Removal Tool log
  
• ComboFix log
  
• AdwCleaner log
  
• RogueKiller log

[aircanada]

Here what you requested for.

Thanks for looking into this !

JRT.txt

ComboFix.txt

AdwCleanerR1.txt

RogueKiller.txt

[Maniac]

Step 1

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\users\Bhavik\AppData\Roaming\Error Fix

c:\users\Bhavik\476482

c:\users\Bhavik\963763

c:\users\Bhavik\439174

c:\users\Bhavik\493915

DirLook::

c:\users\Bhavik\AppData\Roaming\QuickScan

c:\users\Bhavik\AppData\Roaming\Anti Malware

c:\program files (x86)\Anti Malware

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[aircanada]

As you requested.

ComboFix Log.txt

AdwCleanerS1.txt

[Maniac]

Please post your log files directly in your reply.

Step 1

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

Please locate and manually delete the following folders:

c:\users\Bhavik\AppData\Roaming\QuickScan

c:\users\Bhavik\AppData\Roaming\Anti Malware

c:\program files (x86)\Anti Malware

Step 3

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
    Save it to your Desktop.
    
  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
    

  [*]Check "YES, I accept the Terms of Use."

  [*]Click the Start button.

  [*]Accept any security warnings from your browser.

  [*]Under Scan Settings, check "Scan Archives" and "Remove found threats"

  [*]Click Advanced settings and select the following:

  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology

  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  [*]When the scan completes, click List Threats

  [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  [*]Click the Back button.

  [*]Click the Finish button.

In your next reply, post the following log files:

• AdwCleaner log
  
• ESET Online Scanner log

[aircanada]

# AdwCleaner v2.301 - Logfile created 05/22/2013 at 11:37:36

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Bhavik - DISHA-VAIO

# Boot Mode : Normal

# Running from : C:\Users\Bhavik\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Disha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Bhavik\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2471] : homepage = "hxxp://www1.delta-search.com/?affID=119293&tt=gc_&babsrc=HP_ss&mntrId=EAABA64BF5C697[...]

Deleted [l.3033] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?affID=119293&tt=gc_&babsrc=HP_s[...]

*************************

AdwCleaner[R1].txt - [5535 octets] - [21/05/2013 21:44:33]

AdwCleaner[R2].txt - [5595 octets] - [22/05/2013 11:01:24]

AdwCleaner[R3].txt - [1329 octets] - [22/05/2013 11:37:12]

AdwCleaner[s1].txt - [5739 octets] - [22/05/2013 11:01:38]

AdwCleaner[s2].txt - [1242 octets] - [22/05/2013 11:37:36]

########## EOF - C:\AdwCleaner[s2].txt - [1302 octets] ##########

-----------

C:\Qoobox\Quarantine\C\Users\Bhavik\439174\svhost.exe.vir a variant of Win32/Injector.Autoit.IP trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Bhavik\476482\svhost.exe.vir a variant of Win32/Injector.Autoit.IP trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Bhavik\AppData\Roaming\63638365528064_new.exe.vir a variant of Win32/Injector.Autoit.IM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Bhavik\AppData\Roaming\erver.Exe.vir a variant of Win32/AutoRun.PSW.VB.H worm cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Bhavik\AppData\Roaming\JavaUpdater\36114403_DC1.exe.vir a variant of MSIL/Kryptik.FT trojan cleaned by deleting - quarantined

C:\Users\Bhavik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000628 HTML/ScrInject.B.Gen virus deleted - quarantined

C:\Users\Bhavik\AppData\Roaming\{2493410E-B666-C6A5-5331-BC46EA7C52D7}\eknr.exe a variant of Win32/AutoRun.PSW.VB.H worm cleaned by deleting - quarantined

C:\Users\Bhavik\AppData\Roaming\{A8844B0B-CA06-CB5E-D0E5-7B08749934CC}\eknr.exe a variant of Win32/AutoRun.PSW.VB.H worm cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\Adobe Photoshop CS6 Extended Keygen.rar Win32/Spatet.I trojan deleted - quarantined

C:\Users\Bhavik\Downloads\Billion Uploads File Downloader v1.0.exe Win32/InstalleRex.E application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\errorfix.exe a variant of Win32/Adware.ErrorRepair application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\Express_Installer (1).exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\Express_Installer.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\Free_Licence_Key_For_Dll_Suite_downloader_ca_99089.exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\HitMalware.exe Win32/Adware.HitMalware.A application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\Pazera_Free_MOV_to_AVI_Converter.exe Win32/InstallMonetizer.AF application cleaned by deleting - quarantined

C:\Users\Bhavik\Downloads\setup.exe a variant of Win32/Adware.ErrorRepair application cleaned by deleting - quarantined

C:\Users\Disha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27OL5KFU\72890[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

C:\Users\Disha\Downloads\setup (1).exe multiple threats cleaned by deleting - quarantined

C:\Users\Disha\Downloads\setup.exe multiple threats cleaned by deleting - quarantined

[Maniac]

Please re-install your Malwarebytes' Anti-Malware and let me know how are things then.

[aircanada]

I still get the same Runtime error 339 popup.

[Maniac]

Right click on Malwarebytes' Anti-Malware icon and click on Run As Administrator .

[aircanada]

Same problem still

[Maniac]

• 
  
• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • 
    
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.
    

[aircanada]

I did all that, and unfortunately I still get the runtime error 339 when I try to open the program.

[Maniac]

Please give me the whole message.

[aircanada]

Run-time error '339'

Componenet 'ieframe.dll' or one of its dependencies not correctly registered: a file is missing or invalid

[Maniac]

Please try this tip:

http://kb.swiftkit.net/question-error-339.html

[aircanada]

Fixed it! Just uninstalled Internet Explorer and I was able to run Malwarebytes. But how would I know if this hacker still has access to my computer or not?

Thanks for all your help by the way.

[Maniac]

Good!

We removed the infection, the following rule applies: Once your system is infected, it can even be cleaned no guarantee that everything will be fine.

[aircanada]

Alright, well then thanks a lot for your help Maniac ! Appreciate your time & effort .

[Maniac]

Glad I could help!

Let's clean those tools:

Step 1

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

Step 2

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Uninstall
  
• Confirm with Yes
  

Step 3

Please uninstall ESET Online Scanner and manually delete RogueKiller.

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!