Jump to content

Multiple Issues / MA-M Run-time error '-2147024769 (8007007f)'

BBonster
 Share

Recommended Posts

BBonster

BBonster

Posted
Posted

Hello,

 

My friend recruited me to help after two different online companies totally messed up her computer worse than before she started having issues. I've been able to fix simple things for her in the past, but this one has me completely baffled and I'm not tech-ie enough to figure it out.  This is a Dell Latitude D531 laptop running Windows XP.  I know the others tried to reinstall her OS (so it's now back to SP 2) but other than that I have no idea what all the other people may have run or not run, but here is what I've done and found:

 

1. I updated Norton 360 and it found "Trojan.Ransom.FMS".

2. I attempted to run Malwarebytes, but I just keep getting the Run-time error in the topic title. Additional info provided in the message says "Automation error / The specified procedure could not be found."

3.  Additional message windows that keep appearing are:

     a.  Found new hardware - Dell Touchpad / Cannot install this hardware / Fatal error during installation.

     b.  Embassy Security Setup Wizard / The application could not launch. Please try again.

     c.  Microsoft Feeds Synchronization -- has encountered a problem and needs to close.... This pops up all the time.

4. I cannot install any Microsoft updates as the following message occurs:

Thank you for your interest in obtaining updates from our site.
To use this site, you must be running Microsoft Internet Explorer 5 or later.

Automatic updates is set to on. 

5. No restore points are available before the date of the reinstall by one of the companies. 

6. I've tried to use chameleon and rkill to no avail. I still cannot get Malwarebytes to run. 

 

Any assistance in debugging this would be greatly appreciated.  I've added to the post a few files that I found on her desktop that might be helpful (Rkill is the one I ran today). 

 

Is there hope or should I just tell her to take it to Staples or call in the Geek Squad...? 

 

Thanks in advance for your time, assistance and recommendations. 

 

SilentBACS.txt

 

JRT.txt

 

Rkill.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

And...great...I'm right back to where this all started for my friend. I'm sitting at the laptop and ads are ust running in the background like I'm viewing something on the internet but all I have open is the Mozilla Firefox Start Page (IE not working at all) and this topic on malwarebytes.org.  What the heck is going on...?!?!  I'm going to run the Anti-Root Kit again, but it didn't find anything the first time around.  This is CRAZY...!

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

Step 3 completed for the second time and here are the two resulting files again. Result indicated "Scan Finished: No malware found!"...however, I just noticed that only one file has the most current time stamp. The other one didn't seem to update?  Regardless, I'm attaching them. 

 

system-log.txt

mbar-log-2013-07-25 (12-59-44).txt

 

Onto next step -- running Junkware Removal Tool for the first time.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

Once that is complete then uninstall ALL versions of Java.  

 

Is Norton 360 still your antivirus and is it up to date and running?

 

 

 

Then run the following and post back the logs.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

 

fixlist.txt

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

I have put copies of FRST.exe, frst.txt, and fixlist.txt all on them on the desktop and launched the executable file. It did prompt me about updating to the most current version. However, I am unable to do so because it attempt to launch Internet Explorer (which is corrupted and not working) and, thus, I get the following message (no header in the blue header in the error message window):  “The requested lookup key was not found in any active activation context.”  Attached is a Word Document with all of the message windows I received.  At the end when I click OK on the last message the Farbar program just closes out and doesn’t run. 

 

Is there any way for me to download the current program from a site, please?

 

Yes, Norton 360 is still the AV program installed on this (my friend's) laptop and it has a current subscription and virus definitions are up-to-date. 

 

I haven't uninstalled Java yet until I know if it's okay to do so before first being able to complete the FRST.exe piece. I don't want to do anything out of order for fear of messing up anything worse than they already are...

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

Sorry for the typo in the first sentence in the last post and I forgot to attach the file too! So here it is...

 

Ok, so here it isn't (!) ... it won't let me upload a Word document so I guess I have to type out the messages in the windows - woo hoo! Here they are:

 

1.  Farbar Recovery Scan Tool -- just the message about it being outdated to which I clicked "Yes" to download the latest version. But then it tries to open up Internet Explorer and...

2.  No header in the message window but the mssage says "The requested lookup key was not found in an active activation context." to which I just have to hit the OK command button.

3.  Autolt Error -- "Line 7606 (...of the FRST.exe file on the desktop): Error: The requested action with this object has failed." When I click the OK command button it just closes out the window and the Farbar software. 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Sorry about that.  There was an issue with one of the versions of FRST that was fixed but since the download failed it could not grab it.  Please delete you copy and manually download a new copy to use.

 

Then temporarily disable your antivirus and run it again.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

All versions of Java have been uninstalled as requested.

 

I ran the Kaspersky TDSSKiller scan and chose skip as requested. When I went out to find the log files I discovered that whomever my friend had work on this laptop previously must also have used this program. Thus, I am also attaching those files for your review.  The first three are the current ones I just ran. The second set are the older ones from July 9.

 

TDSSKiller.2.8.18.0_29.07.2013_10.46.18_log.txtTDSSKiller.2.8.18.0_29.07.2013_10.48.33_log.txtTDSSKiller.2.8.18.0_29.07.2013_10.46.35_log.txt

 

TDSSKiller.2.8.16.0_09.07.2013_16.51.43_log.txtTDSSKiller.2.8.18.0_09.07.2013_08.17.34_log.txt

.1.0.0.0_10.07.2013_17.18.03_log.txt

.1.0.0.0_09.07.2013_16.52.02_log.txt

 

I also am seeing a TDSSKiller Quarantine folder from July 9.  Do you want/need me to send that to you also? 

 

Where do we go from here?  The Microsoft Feeds Synchronization message keeps popping up, things aren't loading properly when it boots up (e.g., it keeps finding the Dell Touchpad but won't load the driver for it), etc.  Do I just bail and try to backup as much as I can and reinstall Windows XP from scratch?  But I'm now wondering if some of these ongoing issues are from the fact that the company that tried to help my friend had her do a repair of the Win XP OS, but I found the Trojan.Ransom.FMS on it when I got the laptop from her. They had her trying to reinstall drivers and I don't think they got everything back to where it needs to be.  But since I don't know where they left things with her, that's why I'm wondering if I should just bail and start over from scratch...?  Your advice is greatly appreciated. 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well if you have the Windows XP installation CD and a valid COA install key and are comfortable reinstalling Windows then that would certainly be a good way to go as this computer was hit by a rootkit which makes it always suspicious going forward.  I can provide you some links for help on reinstalling if you like or we can continue and see if we can get everything cleaned  up or not.   Just let me know what direction you want to go.

 

Thanks

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

Do you have any guess as to which would be quicker? At this point I'm positive my friend just wants her laptop back and I do, too, as I starting to get exasperated with it! ;)

 

Yes, I have all of the necessary CDs -- the original Win XP Pro SP2 and the Product Key, Drivers & Utilities CD. I would have to get other CDs from her like MS Office and her NetGear router, et al as well as her Norton 360 user id and password. I won't say I'm entirely comfortable with it. I did it once before many years back and I just recall that you have to be absolutely certain you get the Dell software and drivers installed in the correct order or it messes things up. Should I just be able to use the drivers and utilities CD or would I be better off downloading directly off of the Dell Web site if you think I should go this route?

 

I'm open to whichever you think is the better solution. 

 

Thank you very much!

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

No doubt a rebuild is the better solution, but data backups, etc and customizations, etc are often the draw back as those take time to save and / or recover.

 

Please run the following and we'll see if we can clean it up more.

 

 

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment. 


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt


  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file


 

 

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

 

Then let me know what specific issues you're currently having or seeing so that we can address them.

 

Thanks

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

Two things: 

 

  1. I overlooked the statement about closing Firefox before I ran the MiniTool...if you need me to run and produce the file again, please let me know.
  2. I currently have the wireless adapter disabled because it wasn't working properly either at my friend's house nor mine.  If you want me to enable it and re-run, please let me know.

Here is the file:

 

Result.txt

 

Here's is what I know still is not working properly:

 

  1. Internet Explorer -- I cannot seem to uninstall nor am I able to get the most recent version downloaded.
  2. Because of the restore the OS is Win XP SP 2 vs. 3. When I look it up on MS Update (on my PC, not the laptop) the only link I can find is for IT professionals... I can't seem to locate the download for a home PC.
  3. Everytime I reboot the laptop tries to install the Dell Touchpad but always errors out and doesn't install properly (fatal error during installation).
  4. Also when I reboot the "Embassy Security Setup Wizard" message "The application could not launch. Please try again." always shows up...
  5. I cannot connect wirelessly to the laptop and this is the way my friend connects at her home.

Again, thank you for your diligence in helping me try to resolve this problem. 

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please uninstall the following.

PC Helper 360

Then go ahead and download the following Service Pack 3 for the computer and save it - don't run it from the Web.
The IT version is a better solution to download as it has all the files needed that the Web updater from time to time can miss.
It is a big file at 316.4 MB but is the right one.  Make sure you disable your antivirus when you intall it.

Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers

After the install try to launch Internet Explorer and go to the Windows Update site again and scan for updates.


Please give me the exact Model name and number of the computer as well as the Service TAG and I'll look up other drivers for you.
 

Link to post
Share on other sites
BBonster

BBonster

Posted
  • Author
Posted

Okay -- will uninstall PCHelper.  That was already on the laptop when I picked it up from my friend. 

 

The laptop is a Dell Latitude D531, ST 5YTTNG1, ESC 129-898-539-37.  There is a little tag on it indicating "AMD Turion X2 64". 

 

I'll be back online once I do the above and get SP3 and all updates (hopefully) downloaded and successfully installed. 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.