Posts by PhilliePhan

jre-6u24windows-i586-s

pasted it to program files, it wasn't there, it is only on the desktop and in downloads

OK - Please copy that to the C:\ Drive (just for my convenience) so we have:
C:\jre-6u24-windows-i586-s.exe

Then, open an elevated command prompt and type or Copy&Paste:
C:\jre-6u24-windows-i586-s.exe /s /L C:\javalog.txt ENTER

Let it run for a bit. It may help to open Process Explorer before running the command - look and see in the processes if the Java installer is running or if it stops.

-- Then, please post the contents of C:\javalog.txt once the process finishes.

-- Do you still have Comodo disabled during the install process? That's probably a good idea to disable it for these attempts.

PP:)

GRRR, nothing but the spinning blue wheel, it hates me ;)

OK- Let me break out the thinking cap and see what I can come up with.

In the meantime, please download Process Explorer and extract the folder from the ZIP to the Desktop.

-- Also, what is the Exact name of the Offline Java install package?
For example: jre-****_mar_2011.exe

Please copy and paste it to C:\ Drive if it is not already there.

PP:)

Ok, says it was successful.

Great - Now try the Java installer again.
RightClick it and "run as administrator" just to be on the safe side.

Let's see what happens - let me know of any errors.

PP:)

Edit: I have access to a computer to post all day but I am only able to work on my computer after 9 EST due to work.

No worries - we're all volunteers with differing availability as well.

-- Can you open an elevated command prompt in Normal Windows Boot and type:
tasklist >>C:\Logit.txt ENTER and post the C:\Logit.txt

Note: tasklist <space> >>C:\Logit.txt

I'd like to see what the running processes are for this thing.

-- Are you able to run MBAM in Normal Windows Boot (or in Safe Mode, if Normal fails) as per the linky below? You'll need to be sure to update it before the scan and to Reboot after the scan.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Let me know how it shakes out.

PP:)

hmmm, I ran it as an admin earlier, I did a screen shot so I went back and checked it; this time it says invalid parameter "Data"

Since application data is two words, it needs quotation marks .. . . This is what happens when I am doing 10 things at once.....

Try this:

icacls "C:\Users\Auberey\Application Data" /grant Everyone:(D,WDAC) and hit ENTER.

PP :)

no text log but this is what came up in the command prompt. . . .

Bleh...

OK - let's do this:

Please open an Elevated Command Prompt.

Then, copy and paste the following:

icacls C:\Users\Auberey\Application Data /grant Everyone:(D,WDAC) and hit ENTER.

See if there are any error messages or a "completed successfully" message and let me know.

PP:)

it's quite old.
Also there's no option for recovery in the control panel.

OK - It doesn't look as though a System Recovery is an option for you. Most (read All) newer machines come with a "Recovery Partition" on the hard drive which can be used to reset a machine to its "right out of the box" state.
Manufacturers stopped supplying Windows CDs and DVDs - people had to burn their own recovery disks using the default partition.

Anyhoo, your options are pretty much limited to trying to obtain Recovery Disk from manufacturer or buying a new Windows OS disk or scrapping the machine altogether.

-- Lastly, you could post a thread for help in the Viruses/Spyware forum and see if your machine can be cleaned of whatever is ailing it....

Best Luck :)
PP

I've tried it with it turned off previously but I'll try it again. Honestly I usually leave it off most of the time due to an inability to name my own files in Adobe. I turned it on per the java tech's recommendation. He said it might work on instead of off. Doing the rest now.

I think we are going to run into the same problem we had last time, but let's give this a try:

Open an Elevated command prompt and copy and paste:
cacls "C:\Users\Auberey\Application Data" /GE:F and hit ENTER
Let me know if there's an error message.

If no message or it says something like "completed successfully," please try the Java install again with the offline install package.

Also, you can probably safely delete all of these - doubt they'll be needed again:

C:\ComboFix.txt
C:\JavaRa.log
C:\Logit.txt
C:\Look.txt
C:\mbam-error.txt
C:\RegKey.txt

I'm out for a bit - will check back later tonight or tomorrow.

PP:)

OK - that helps.

-- What happens if you disable Vista's UAC and then try the Java install?

Also, it looks as though some of our old logs from last time remain on the machine - you can delete those.
Open a command prompt and type dir C:\ >>C:\Look.txt and hit ENTER and then post the C:\look.txt for me and we'll get rid of those old logs.

PP:)

task manager - no, doesnt work
command prompt - only way to get that, is starting into - safe mode with c prompt.
(although i dont really know what i can do from there)
no flash drive, but access to work computer to put stuff onto a cd

OK - We can work with that. No worries.

-- Can you get Safe Mode with Networking?
-- What options do you get when you tap F12 on boot?

Can you burn an ISO? You may need a free tool such as ImgBurn to do this.

You'll need to prepare the TWO following CDs:

Please put the following on CD 1:
- MBAM
- Combofix.exe

Please burn the following ISO to CD 2:
- bitdefender-rescue-cd.iso

Let me know when you're all set and we'll have a whack at this.

Cheers :)
PP

thanks PP!

This is a bit difficult given that the install just stops and there are no error messages.

-- Is your Vista 32 or 64-bit? I can't remember....

-- Open a command prompt and copy&paste:
cacls "%userprofile%\application data" >>C:\logit.txt and hit ENTER
Please navigate to C:\logit.txt and post that for me.
You may need an elevated command prompt to get it to run properly in Vista.

-- Also, please try the installation of the offline Java package again. Even if it doesn't seem to be doing anything, let it go for a bit.
Then, if still no joy, please download and run This Tool.
It should place a shortcut on the desktop - run that to produce the log and please post that for me.

Cheers :)
PP

My Presario R3000 laptop recently got a virus and i would like to restore the system back to factory settings. I have already backed up the files i want to keep and have been trying to work out how to do this all evening and night without success.

Can anybody tell me how to restore the laptop without a disk that most people seem to be suggesting. I have no disks that came with the laptop.

Any help appreciated, thanks.

I assume you do not know if you have a (viable) Recovery Partiton?

-- Do you have any option in Control Panel for System Recovery or Recovery Manager?

Sometimes you can access this by tapping F11 or F9 on boot (tends to vary and I can't remember what compaq is - your owner's manual ought to say).

PP:)

is there anyone that can walk a beginner thru this.
the windows safe mode virus is keeping me from opening in safe mode
and running any antivirus programs, etc.
i am unable to do anything that i am currently capable of doing myself.

-- Are you able to access Task Manager? (ctrl-alt-del)
-- Can you get a command prompt that way?
-- Do you have a flash drive to download some tools to from a working computer?

Let us know and we'll have a whack at this - I'll be back this evening.

Cheers :)
PP

Hi PhilliePhan, I regret to inform that I've never used ComboFix before. I'll give it a shot though. Is there anything I should specifically be targeting when using it?

Nah - Just curious if you had considered trying that.

-- Are you able to update your Super Anti-spyware and run a scan in Normal Windows Boot?
If not, try MBAM

How are things running now? Are you still experiencing problems?

PP:)

Comodo ran this in the sandbox, do I need to do it again with comodo turned off? Or is this what you needed?

Yeah - that shows what I wanted to see.

Let me put the old thinking cap on and see what I can come up with.

I'll be back Monday evening - hopefully with a good idea of how to proceed.... :)

PP

Am I doing something wrong? yep, feeling quite inept right about now...

No worries!

Just extract PEEK.bat from the attached Zip and RightClick it and "Run as Admin."

That should do it.

PP:)

@ECHO OFF

REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" >>%systemdrive%\Peek.txt
NOTEPAD %systemdrive%\Peek.txt
DEL /Q %systemdrive%\Peek.txt

That is the contents of the text file you downloaded :)

If you save it to the desktop and then change the name, the icon should change to a gear icon. RightClick it and choose the "run as administrator" option and then post me the log.

PP:)

it says the update does not apply to this system...

OK - let's look at something else.

Please download the attached PEEK.txt and save it to the desktop.
-- Rename PEEK.txt to PEEK.bat
-- DoubleClick on PEEK.bat to run it - a log will pop up. Please post that for us.
If it doesn't run or throws an error, you may have ti RightClick it and "Run as Administrator."

PP:)

hey mister goldeneagle4444... im a 20 yr old, n i too had a hard 30 mins keeping with this thread..
but it was worthwhile.. gr8 job philliephan, i would like to think that i gained some knowledge from this thread... :) hope to someday solve problems like this on my own, n be of help as well... :)
thanks for posting ur problm here goldeneagle4444, n once again.. gr8 job philliephan!!
cheers :)
somjit{}

Thanks for the good words :)

Hey Karen,

Try downloading the latest version of Windows installer and see if that helps:

Linky

I am going to look at some other options as well - hang in there!

PP:)

It can only be removed once you have deleted the other files around it (various .exe's) and have restarted AGAIN in windows safe mode with command prompt.

Hey, Sam,

Thanks for the detailed info - much appreciated :)

-- Did you try running a tool such as Combofix?
It can be run via command prompt from a flash drive, if need be...

That may be harder for the malware to block - Of course, you need to have a good understanding of what you are working with when using such a tool....

PP:)

Does anyone have any ideal solutions please? (That doesnt involve installing something)

Hi T.o.d.d,

See if you are able to do this on a working compy:

Create the Ubuntu Live CD as per the instructions in the link.
See if your illcompy will boot it (choose the Try Ubuntu option).
If it boots, let us know.

That's just a "first step" to assess what we may be able to do - there are a number of options to try, but I want to establish a "baseline," as it were.

-- Do you have a Thumb drive to use to transfer/run programs?

I'll be back Saturday evening EST.

Let us know how you fare.

Cheers :)
PP

I didn't try this one again today, just like a 100 times or so in the past week ;)

Just out of curiosity, can you install it in Safe Mode?

Probably won't work because need windows installer.

I think this might be an issue with Comodo - They've had those in the past with their Guard service still running after the firewall was uninstalled.
We'll probably have to look at that and shut it down - Will get back to you tonight after dinner or, if I get dragged out on the town, Saturday evening at the latest...

Judy may chime in in the meantime. Her attention to detail is far greater than mine, so she may see something else blocking the Java install....

Cheers :)
PP

trying the offline manual install again now.

Great - let us know how that shakes out.

I am off to dinner - hopefully back in a few hours.

-- For Judy's benefit, that was the JavaRa log from when the Elluminate tech had you run it a couple days ago, right...

PP:)

Elluminate Live .....

Hi Karen,

I'm going to discuss the Hosts bit with Judy - let's look at Java first.

Please download JavaRa.zip to your Desktop and Extract it to its own folder.

-- Make sure ALL browsers are CLOSED.
-- DoubleClick on JavaRa.exe to run it (or whatever hoops Vista makes you jump through) and then select your language of choice.
-- Click Remove Older Versions.
-- Follow the prompts and a log will pop up - please post that for us.

Then, follow the steps in the linky below to do the manual offline install:

http://www.java.com/en/download/help/windows_offline_download.xml

Let us know any errors along the way. You can use Print Screen button to capture screenshots and open and save them in Paint - may be easier to capure the error messages, if any....

PP:)

Any suggestions?

Hi Stan,

Sounds like you've got yourself quite a mess....

-- I'd definitely see what options the vendor would give you regarding return/exchange /repair for a computer so new.

Also, you can try this:
Create the Ubuntu Live CD as per the instructions in the link.
See if your compy will boot it (choose the Try Ubuntu option).
If it boots, that alone will answer a few questions.

Let us know how you fare - I'll be back Thursday evening EST.

Cheers :)
PP

Thanks for all the help out there....

You're welcome! :)

OMG.... OMG... Whatever you guys had me do worked. I have my desktop back and no longer have to navigate with task manager....

Great!

You were missing C:\Windows\Explorer.exe, as shown in the first log.
Running ExWin restored it for you - just copied it from ServicePackFiles..... Simple as that.

Cheers :)
PP

PhilliePhan here is the log...

Actually, that is the contents of my batch file :)

Open a command prompt with task manager and type: C:\ExWin\RunThis.bat and hit ENTER.
The tool should run and a log will pop up.

I'll be back Sunday evening EST.

Hang in there!

PP:)

OK... I tried to DL the look.zip. I couldnt open it. Remember. All I have is task manager to open things with

My fault! Sorry!

Let's try something I used in a similar thread:
Please download ExWin.exe and run it.
Click "Extract" and it will extract the ExWin folder to C:\ExWin.
Please open that and run RunThis.bat.

Command line to run it is C:\ExWin\RunThis.bat

Anyhoo, once it runs (3-5 minutes), a log will pop up. Please post that for us.
Also, reboot your computer afterwards and see if there is any improvement.

Cheers :)
PP

You guys do know this is a seven year old thread, right? :)

This only happens when I send out my newsletter pages that I've loaded into my browser. The box says that there is a problem. Internet explorer has stopped running.......

My gut response is to say: Use an alternate (and better) browser such as Firefox or Opera!

Of course, that doesn't address you problem with IE :)

So, my suggestion is to reset IE and see if the issue continues.

http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings

Best Luck :)
PP

PS: I'll be making a nice donation to the cause, in thanks to you for your outstanding bedside manner dealing with a crusty old man who's trying to keep up.

Hey, thanks :)
I'm certain it'll be much appreciated!

One of my credos is that life is too short to spend a moment of it cranky.

Cheers,
PP

Trojan Remover.... Now there's a blast from the past - didn't know that was still around!

Yeah - a lot of times malware will re-arrange the registry. Sometimes it will rewrite keys. Other times it will create new keys or delete existing ones.
The trouble is, most of our removal programs often do not deal with this sort of "collateral damage" and users are left to figure that out on their own....

Thank you kindly for your patience with the elderly guy. :)

You're welcome - it was my pleasure. :)

PP

Believe it or not, all of the Windows Based Services -- My Documents, My Pictures, Control Panel, Etc., now open exactly the way they're supposed to! I did a quick check around and didn't find anything that produced the original error message. You done good, my friend!

Hey - that's good to hear! I was starting to wonder what we were missing.

Well, that was relatively painless, wasn't it?

-- Feel free to delete any of the items I had you download.

-- Also, probably a good idea to run another backup of the registry with Erunt now that the keys have been fixed.... Just in the event you run into this problem again.

I'm still curious as to the cause - did you investigate for malware?
I didn't see anything that jumped out at me from the OTL Log - a few minor things we could clean up, if you so desired.

I'm going to bed - will check back Thursday.

PP:)

All three "completed successfully". Rebooted. Ran peek.bat

@ECHO OFF....

You posted the contents of the batch file again :)

No worries - if all completed ok..... Are things working better or are we in the same same boat?

I suspect the problem is still there.
-- When did you first notice it?

Back Thursday evening EST.

PP:)

OK - Let's add the missing keys to the registry and see what shakes out:

Open a command prompt and then Copy&Paste each command in Red into the box one at a time and hit Enter for each:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\folder\shell\open\command" /VE /T "REG_EXPAND_SZ" /D "%%SystemRoot%%\Explorer.exe /idlist,%%I,%%L" /F

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\folder\shell\explore\command" /VE /T "REG_EXPAND_SZ" /D "%%SystemRoot%%\Explorer.exe /e,/idlist,%%I,%%L" /F

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\drive\shell\find\command" /VE /T "REG_EXPAND_SZ" /D "%%SystemRoot%%\Explorer.exe" /F

Let me know if you get any error messages.
Then, Reboot and run PEEK.bat again for me to verify the new Registry entries. Please post that log and let me know if that helps at all.

Cheers :)
PP

I got two message. One in the DOS box that said "The system was unable to find the specified registry key or value".

The other box that opened contained this:.....

Great! - That's what we were looking for.

-- Some of the keys were indeed missing as noted in the OTL log - error message you just got confirms that. I'll put together a fix to reinstate them. Though, I am not sure that will fix the problem at hand.....

I have to head out for a bit - will post back late tonight or tomorrow evening.

Cheers :)
PP

I get exactly the same results as the first try.

Hmmm - that could be a symptom of the overlying problem.

Let's do this just to be sure:
Download the attached PEEK.zip and extract PEEK.bat from the zip to the desktop.
Run PEEK.bat and see if the log pops up and we'll go from there.

-- Even if that doesn't work, I think I'll go ahead and put together a "fix" for what I expect the log to show.

PP:)

That's the content of the text file. :)

Try it again - Click on the PEEK.txt attachment and choose "Save File" and save it to the desktop.
-- As you save it, where it says "File Name," change PEEK.txt to PEEK.bat
Or, you can save it to the desktop as PEEK.txt and then change the name.

Then, once PEEK.bat is on the desktop, DoubleClick it to run it and produce the log.

Hang in there - we'll get it!

OK - this ought to be easier:

Download the attached PEEK.txt and save it to the desktop
-- RightClick it and rename it to PEEK.bat
-- DoubleClick on PEEK.bat to run it.
A log will pop up - please post that for me. Let me know if you run into any problems with this.

PP:)

I'm tempted to call this solved and can notify you otherwise if something crops up. Not sure why it won't run ComboFix, etc. . . . .Again, I must thank you for your time and effort on this one, PP!!!!

You're welcome - Happy to help!

I am not sure why combofix did not complete. Sometimes it's a mystery.
I do not see anything that jumps out at me from the logs. Do you see anything that looks out of the ordinary to you?

-- Rename scvhost.com back to combofix.exe
-- Run OTL and click the "cleanUp" tab to remove the tools we used.

You can also delete these, should they remain:
C:\FCIV.exe
C:\Documents and Settings\BJ\Desktop\FCIV.exe
C:\Documents and Settings\BJ\Desktop\RunThis.bat
C:\FDSV.EXE
C:\PEEKTEMP
C:\Documents and Settings\BJ\Desktop\FDSV.EXE

Keep an eye on things and let me know if any further problems crop up. I don't think we missed anything important, but my eyes aren't what they used to be.....

Cheers :)
PP

Also, see if you can locate the OTL Extras Text log and post that for me - should be on the Desktop with OTL.exe
Perhaps in OTL Folder?

PP:)

ERUNT is on board and running.

So you were able to use it to backup the registry with no problems?

I did the above and nothing happened. The cursor simply dropped down as though it wanted another command.

Right - The log will be at C:\log.txt . Just navigate to that and post the Log.txt.

Actually, let's do this:
Fire up another command prompt and type or Copy&Paste the commands in red (being careful of the spaces if you type them):

REG QUERY "HKEY_CLASSES_ROOT\Exefile\Shell\Open" >>C:\Log.txt
Hit ENTER
REG QUERY "HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command" >>C:\Log.txt
Hit ENTER
Notepad C:\Log.txt
Hit ENTER

This will add to the existing C:\log.txt and should pop the log right up for you - copy and paste the contents for me.
-- This is curious - the values look OK in the OTL log + you are able to run the programs, just not form those locations.

Hang in there :)
PP

I would still do a backup of the registry before you do anything but you most likely would do that anyway.

That is definitely something to consider if we do anything drastic there. ERUNT is a good tool for that.

I'm retired, so any time you can help, I'll be here. Thanks!

Great - these problems sometimes take a while to figure out. With any luck, we'll both learn something in the process :)

Open a command prompt and type:
assoc >>C:\log.txt ENTER

Please copy&paste the C:\log.txt for me.

Note: the command is assoc <space>>>C:\log.txt

Let's see what that says - I think I might be barking up the wrong tree, though.

-- Did you try changing the file associations via Folder Options > File Types Tab?

I'll check it tonight when I get home.

PP:)

A software pgm that monitored startup programs. I tried it; didn't like it and removed it.

Looks like that left some damage in a critical part of the registry. Let's do this:

Open a command prompt and type or Copy&Paste the following:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V "Userinit" /D "C:\WINDOWS\system32\userinit.exe," /F

Then, hit Enter and then REBOOT your machine and let me know if that helped.

Probably best to copy&paste, if possible so there are no errors.

If you type it, be advised that there are spaces in the command and all the punctuation is necessary:

REG <space> ADD <space> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" <space> /V <space> "Userinit" <space> /D <space> "C:\WINDOWS\system32\userinit.exe," <space> /F

Let me know how that all shakes out and if you had any problems along the way - I'll have to check back Wednesday evening EST.

Best Luck :)
PP

Yes, I tried System Restore as one of my first efforts to cure the problem. I tried all of the available dates listed...to no avail.

Two quick questions:

-- What is this?
C:\Program Files\Soluto

-- Can you get a command prompt?
START > RUN > type CMD and hit Enter

I've run this same machine for 11 years and figured out how to solve any and all problems to date, but this one has me beating my head against the wall. I'll await further instructions from PhilliePhan.

I am going to need some time to run through the log - bit overextended at the moment.
With any luck, one of the other volunteers can chime in. If not, no worries - I will get back to you as soon as I am able.

-- Did you try a System Restore? Is that a viable option for you? Do you need help with that?
In cases such as this, it is usually a good place to start.

Hang in there :)
PP

Far too complicated for this old man. I guess I'm a hopeless cause, huh? Thanks for your time, anyway.

Nah - nobody is hopeless :)

Hang in there - we can talk you through most of this stuff, if need be.

-- Did you try System Restore and restoring your computer to a time when all was working as it should?
That would be a good step - let us know if you need help trying that.

Also, try this:
Download OTL.exe to the Desktop.
-- Run it and click Scan All Users and then hit Quick Scan and post me the Two resulting logs. They should open automatically in notepad. They should also be saved next to OTL.exe

Just copy and paste them into the thread here for us.

PP:)

If this is the wrong forum, I apologize. I have absolutely no clue as to where this query should go.

I moved your post to the Spyware forum - seems a good place to start.

See if you are able to run the tools in the linky below and post the scanlogs.

http://www.daniweb.com/forums/thread134865.html

Let us know if you run into any problems. I or another volunteer will check back as time permits.

Cheers :)
PP