Posts by PhilliePhan

Thanks again for taking the time.

Merry Christmas!!

Merry Christmas to you as well!
Happy to help.... 'Tis the season, after all :)

At quick glance, that looks better. How are things running?

** Please follow up with an ESET Online Scan and post the results.

-- Also, since nothing particularly evil jumped out at me from the combofix log, you can probably go ahead and uninstall combofix as per the linky below:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

I'll check back as time permits.

PP:)

Hi dapesche,

Please follow the steps in the linky below to run combofix and post the log for us:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the recovery console.

-- I or another volunteer will check back as time permits. The holidays are a bit hectic, so it may be slow going....

Cheers :)
PP

Many thanks for replies. How do I upload mavinst.exe (found in C:\Program Files\mavinst.exe) to virusscan.jotti.org to be scanned?

Just go to Jotti or virustotal and click the browse button to navigate to the file and then click submit.

PP:)

RightClick mavinst.exe and check the properties for ID info.

Due to the location of the file/folder, this is likely a component of a rogue anti-spy app.

You ought to upload mavinst.exe to http://virusscan.jotti.org/en for analysis and post back with the results.

Cheers :)
PP

Hi Miranda,

It would be best if you tried to complete the steps in the linky below and post the requested scanlogs:

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Do the steps as best you can - they really aren't too formidable. At the very least, do the MBAM scan and have it remove what it finds and then post the log for us.

I or another volunteer will try to check back as time permits.

PP:)

A new Sticky Post detailing our Spyware Forum policy is now in place.

Forum Rules and Policy for First Responders
-- Any and all feedback is welcome. Just PM me with comments and concerns.

I think it is pretty clear, but I'll hit the main points again:

1) Our forum is OPEN and the majority here would like to keep it that way. Most other forums are not and they require a vetting process or some other proof of ability before people are allowed to offer advice.
Personally, I'd rather allow knowledgeable and willing volunteers to post and have the moderating team guide them if they are going in the wrong direction.

And, yes - there are many wrong directions and it is not egotistical to point them out. And, quite frankly, even those of us who have been doing this for years have had to shed some of our bad habits over that time (disabling System Restore before cleaning / forcing Safe Mode, etc...).

2) We like to have all people who request assistance run our Read Me First Sticky post steps in order to establish a plan for further cleaning. That is pretty much the way it is in every forum these days. We try to keep the steps simple and up to date.

3) Generally, telling a person to run "such and such" scanner does not help. The tools in the Read Me First are …

access is denied.
thx anyway :)

Try an elevated command prompt:

Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator to open an Elevated command prompt.

Then try the command I posted earlier - Basically, I just want to check and see if WMP is already running. If it is, then trying to open a new instance will result in what you are experiencing.
You can also open Task Manager and look for the running process....

PP:)

EDIT:

Also, while the Elevated prompt is open, try this.

Type:
regsvr32 wmp.dll ENTER
regsvr32 jscript.dll ENTER
regsvr32 vbscript.dll ENTER

You should get a confirmation of success each time. Note that there is a space after regsvr32.

-- Do this before trying Caperjack's suggestion. If this bears no fruit, then try SFC....

"you must be an administrator running a console session in order to use the sfc utility " what do i do with this?

Can you open a command prompt and type:
tasklist >> C:\look.txt ENTER

There is a space -- > tasklist <space> >>

Then, please post the C:\look.txt

PP:)

Any ideas out there. I am using Outlook with Windows98.

I haven't used Outlook in many years, but if I remember correctly, this setting can be toggled on or off using the Out Of Office Assistant under the Tools menu in Outlook.
Or, have you tried that already?

I'm pretty sure that is where to enable/disable the feature, but I could be mistaken....

Best Luck :)
PP

Please tell me if there are negative factors of these tricks (I am saying this because i am not sure about Step 1. I have created Sys-Restore after installing my XP [4 years ago] and i haven't re-installed my OS or used system restore after that because my PC works fine)

Step one is not accurate - Really won't help you to recover from a significant malware infestation.

In all honesty, I would recommend buying a 2nd hard drive (they are cheap these days) and running a clone of your OS. That is what I do and it has made life much easier...

In fact, just last week my 8 year old Dell threw one of those nasty config\system corrupted errors and would not boot. The solution is usually to boot the XP disk and run a repair. I could have done that, but I'd have been forced to use an 8 year old system.exe and that would've presented a hassle (lots of updating).

Instead, I just wiped the drive and installed a fresh clone from my drive of backups.

Also, I recommend NOT using a separate partition as your main backup in the event of disk failure. But, if you've got the disk space, regular backups to a "backup partition" makes this system even more convenient....

Cheers :)
PP

And your DNS lookup is via Comodo, not your ISP. Gee, they are taking over your internet. You really should use the DNS servers given by your ISP.

Gotta disagree with you, my friend :)

Comodo is a really solid FREE security suite. I challenge anyone to find a comparable one that offers all that Comodo does. For free.
I don't recommend things I have little confidence in....

http://www.comodo.com/secure-dns/

For the record, I do not believe that this is a malware issue or solely a Comodo issue, per se. I agree with Judy that something is definitely borked and, if all important data is able to be backed up and the recovery disks are available, a fresh install is probably easiest and least time-consuming.

Like Judy, I too prefer to get to the heart of a mystery - but my time constraints are such that it really isn't feasible and all the waiting between posts really does Karen a disservice.
For that, I apologize.

PP:)

So, I updated to the newest version of firefox today and java is now updated and working. So weird right? Why wouldn't it work in any other browser if it was a firefox issue? I always update firefox when it tells me to... Wow, :o maybe it won't stop again! fingers crossed

Wow - that's bizarre....

But, hey, I'm not going to question it! :) Just take it and mutter a quick thank you to the computer gods and go about my business!

Honestly speaking, experimenting with different browsers' online install was way down on my list of things to try from the beginning.
And, the fact that other versions installed with no problem really threw me for a loop.

-- I still doubt it's a Firefox "issue" - otherwise there'd be a lot of other documented instances. Could be something on your compy interacting with Firefox in a weird way...... But, there I go questioning the computer gods. I'll shut up now :)

PP

Oh, sorry I missed this earlier. I was thinking if we couldn't find a way to make it work, I would do a new backup on the external hard drive and wipe it if I need to. So we could try this first. I am having a great deal of difficulty finding any kind of an answer or support. Java does a hire-an-expert support kind of thing, pay a specialist online and let them take over your computer virtually. My daughter can do this on the mac, but unfortunately for me she doesn't know windows :(

HA!
I'm not sure that if you took your machine to Microsoft that they could tell you what the problem is..... :)

Or worse, we are probably overlooking something so simple that they'd laugh us out the door.

-- Did you download Process Explorer that I mentioned earlier? I'm curious about something:
Try running process explorer in an open window while you attempt the Java install. The installer should pop up in the running processes (msiec.exe - if I recall).
See how long it runs before it terminates. When it terminates, it should flash red and disappear.

Try it a few times - when msiec appears, highlight it in process explorer and RightClick it and select "Launch Depends" which will launch Dependency Walker - see if there are any obvious errors highlighted in red and let me know.

Let me look around to see if I can …

Oh, it's no problem, I understand about being busy. I hate that this is such a puzzle.

-- Super Moon was neat. Hope you guys got a good view.

I am not certain how best to proceed. If I had the compy in front of me, I'm sure I'd be riffing and trying all manner of things the moment they hit my brain - the "throw a bunch of stuff at the wall and see what sticks" method, I guess.

I don't know if trying it again would produce a useable log - I suppose we could try a command line install that specifies log output, but I think we tried that before...
The error messages are a bit vague (as they usually are). I think what is throwing me is that the installation problem only affects latest JRE. That would seem to rule out MSI issues - or maybe I am wrong. LOL! Arrrggh!

-- Would you like to try the Windows Installer Cleanup Utility?
http://majorgeeks.com/download.php?det=4459

See if it finds any Java-related items to remove.

I do not believe Microsoft supports this anymore due to its volatile nature - has been known to occasionally damage some programs. I've never had this happen when I've recommended its use, but everything has a first time.....
Strictly up to you if you want to give it a go.

-- I am wondering if Oracle has any sort of support forum for this?

no luck, I did all of the above and it ran for over an hour then just disappeared

Crap!

I am running out of ideas - I wish we could find an install log that could throw some light on why the new JRE won't install. I don't know what could be blocking it given the deactivation of Comodo and the attempts in safe mode....

Could you please attach these again for me:

c:\users\Auberey\AppData\Local\Temp
MSI*****.log
java_install.log
jusched.log

They should show the last attempt..... I hope. It would be nice if we could find something to point us in the right direction.

I'll try to check back in a timely manner, but I have been swamped lately and my forum time is very limited.

PP:)

I really don't know that this is going to help given what we have and have not been able to accomplish thus far.
I'd like to run the Microsoft Windows Installer CleanUp Utility, but that might do more harm than good. It's been known to be a bit destructive.

Let's do this first:
Download ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
• Click Select All found at the bottom of the list.
• Click the Empty Selected button.

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, click No at the prompt.

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, click No at the prompt.

Click Exit on the Main menu to close the program.

THEN:

Download the attached RemoveIt.Zip and Extract the folder from the zip.
In the folder, RightClick RunThis.bat and Run As Administrator. It ought to run very quickly.
Let me know if there are any errors.

Reboot.

Then, use Firefox to attempt the online install of the latest Java package and let me know how that shakes out.

Best Luck :)

Hi Karen,

I'm back - sorry for the delay.

I will have a look at those and post something tonight.

PP:)

the remove programs removed it but there is still Java in other places from trying to update it and install it, does that matter?

Not at the moment.
I'm going to try to put together something that will remove all traces of it from the machine and then we can try again.

Please download Bill James’ RegSrch

Extract it from the ZIP to your Desktop and DoubleClick regsrch.vbs
-- if your AV has script blocking, you’ll need to allow this to run
When the dialog box opens, type Java and Click OK.

You’ll need to save the log that pops up in Wordpad and then submit it for me.

Then, do the same for the phrase "Jre" and post that one as well.

If they are very large, please just zip them and attach them.

-- This is really mind boggling to me that older versions can be installed with no problem. There just doesn't seem to be any logic to it.....

PP:)

I am not seeing anything helpful...

-- Please go into Add/Remove Programs and remove All installed Java.
Then, please open an elevated command prompt and type:
dir /a /s Java.* >>C:\peek.txt ENTER

Let it finish and please post the peek.txt. Then you can delete C:\peek.txt.

PP:)

nope, got this error message installation of Java Platform update was not completed.

Drat!

See if you can get me all of those logs again:
MSI*****.log
java_install.log
jusched.log

Just Zip them and attach them to your post using the Manage Attachments button.

This is just bizarre that you can install the older versions with no problem.

-- Maybe you could try the latest Java Development Kit?

Anyhoo, I'll look at some things over the weekend - Judy had a few ideas I am going to try to follow up on.

Just attach those logs and I'll get back to you as soon as I can.

Happy Weekend :)
PP

ok it worked; and now I see both MSI documents but they are too big, want me to break them up and post them anyway?

No - that's not necessary if the older version installed with no problem.
-- You didn't get any error messages, right?

Look in Program Files\Java Folder\Jre5\bin and run javacpl.exe.
Click the "Update" Tab and then click "Update Now" and let me know what happens.
See if the latest update will install now....

oh and thanks for the app info!

You're welcome - hope it helps :)

PP

yes, Arrrgh! is right, access denied, same error, I copied and pasted it and typed it a second time just to be sure

Allrightythen!

Let's try a few things. It would really help if we could get an error to reference or some logs.

A) First, please look in c:\users\Auberey\AppData\Local\Temp for the following logs and attach them if found:
MSI*****.log
java_install.log
jusched.log

B) Then, please download and attempt to install Java SE Runtime Environment 5.0u22
Let me know of any errors or problems. Be sure to get the correct installation package for your machine.
After install attempt, please repeat step A and look for and post those logs, if found.

If and only if B fails, please download and try to install Java SE Runtime Environment 1.4.2_19

Same drill as before regarding errors and problems. Also, look again for the logs an post them.

With any luck, we can get one of the old packages to install and then update it.....

I'll check back as soon as possible - work is piling up as it usually does heading toward the weekend...

-- Regarding the App writing question, you might post a note with the relevant details here:
Project Partners Wanted

Cheers :)
PP

ok, got an error, it says, not a valid Win32 application

Arrrgh!

OK - let's go in this direction:

Please open an elevated command prompt.
Type: CD C:\ ENTER
Type:jre-6u24-windows-i586-s.exe /s /L C:\javalog.txt ENTER

Note: jre-6u24-windows-i586-s.exe <space> /s <space>/L <space>C:\javalog.txt

See if that runs....

PP:)

so it didn't run at all...

Jeez - my fault again. I should've said click START > RUN > copy&paste C:\jre-6u24-windows-i586-s.exe /s /L C:\javalog.txt ENTER

I had command prompt on the brain, I guess.

-- Comodo is Off, right?

PP:)

jre-6u24windows-i586-s

pasted it to program files, it wasn't there, it is only on the desktop and in downloads

OK - Please copy that to the C:\ Drive (just for my convenience) so we have:
C:\jre-6u24-windows-i586-s.exe

Then, open an elevated command prompt and type or Copy&Paste:
C:\jre-6u24-windows-i586-s.exe /s /L C:\javalog.txt ENTER

Let it run for a bit. It may help to open Process Explorer before running the command - look and see in the processes if the Java installer is running or if it stops.

-- Then, please post the contents of C:\javalog.txt once the process finishes.

-- Do you still have Comodo disabled during the install process? That's probably a good idea to disable it for these attempts.

PP:)

GRRR, nothing but the spinning blue wheel, it hates me ;)

OK- Let me break out the thinking cap and see what I can come up with.

In the meantime, please download Process Explorer and extract the folder from the ZIP to the Desktop.

-- Also, what is the Exact name of the Offline Java install package?
For example: jre-****_mar_2011.exe

Please copy and paste it to C:\ Drive if it is not already there.

PP:)

Ok, says it was successful.

Great - Now try the Java installer again.
RightClick it and "run as administrator" just to be on the safe side.

Let's see what happens - let me know of any errors.

PP:)

hmmm, I ran it as an admin earlier, I did a screen shot so I went back and checked it; this time it says invalid parameter "Data"

Since application data is two words, it needs quotation marks .. . . This is what happens when I am doing 10 things at once.....

Try this:

icacls "C:\Users\Auberey\Application Data" /grant Everyone:(D,WDAC) and hit ENTER.

PP :)

no text log but this is what came up in the command prompt. . . .

Bleh...

OK - let's do this:

Please open an Elevated Command Prompt.

Then, copy and paste the following:

icacls C:\Users\Auberey\Application Data /grant Everyone:(D,WDAC) and hit ENTER.

See if there are any error messages or a "completed successfully" message and let me know.

PP:)

I've tried it with it turned off previously but I'll try it again. Honestly I usually leave it off most of the time due to an inability to name my own files in Adobe. I turned it on per the java tech's recommendation. He said it might work on instead of off. Doing the rest now.

I think we are going to run into the same problem we had last time, but let's give this a try:

Open an Elevated command prompt and copy and paste:
cacls "C:\Users\Auberey\Application Data" /GE:F and hit ENTER
Let me know if there's an error message.

If no message or it says something like "completed successfully," please try the Java install again with the offline install package.

Also, you can probably safely delete all of these - doubt they'll be needed again:

C:\ComboFix.txt
C:\JavaRa.log
C:\Logit.txt
C:\Look.txt
C:\mbam-error.txt
C:\RegKey.txt

I'm out for a bit - will check back later tonight or tomorrow.

PP:)

OK - that helps.

-- What happens if you disable Vista's UAC and then try the Java install?

Also, it looks as though some of our old logs from last time remain on the machine - you can delete those.
Open a command prompt and type dir C:\ >>C:\Look.txt and hit ENTER and then post the C:\look.txt for me and we'll get rid of those old logs.

PP:)

thanks PP!

This is a bit difficult given that the install just stops and there are no error messages.

-- Is your Vista 32 or 64-bit? I can't remember....

-- Open a command prompt and copy&paste:
cacls "%userprofile%\application data" >>C:\logit.txt and hit ENTER
Please navigate to C:\logit.txt and post that for me.
You may need an elevated command prompt to get it to run properly in Vista.

-- Also, please try the installation of the offline Java package again. Even if it doesn't seem to be doing anything, let it go for a bit.
Then, if still no joy, please download and run This Tool.
It should place a shortcut on the desktop - run that to produce the log and please post that for me.

Cheers :)
PP

Comodo ran this in the sandbox, do I need to do it again with comodo turned off? Or is this what you needed?

Yeah - that shows what I wanted to see.

Let me put the old thinking cap on and see what I can come up with.

I'll be back Monday evening - hopefully with a good idea of how to proceed.... :)

PP

Am I doing something wrong? yep, feeling quite inept right about now...

No worries!

Just extract PEEK.bat from the attached Zip and RightClick it and "Run as Admin."

That should do it.

PP:)

@ECHO OFF

REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" >>%systemdrive%\Peek.txt
NOTEPAD %systemdrive%\Peek.txt
DEL /Q %systemdrive%\Peek.txt

That is the contents of the text file you downloaded :)

If you save it to the desktop and then change the name, the icon should change to a gear icon. RightClick it and choose the "run as administrator" option and then post me the log.

PP:)

it says the update does not apply to this system...

OK - let's look at something else.

Please download the attached PEEK.txt and save it to the desktop.
-- Rename PEEK.txt to PEEK.bat
-- DoubleClick on PEEK.bat to run it - a log will pop up. Please post that for us.
If it doesn't run or throws an error, you may have ti RightClick it and "Run as Administrator."

PP:)

Hey Karen,

Try downloading the latest version of Windows installer and see if that helps:

Linky

I am going to look at some other options as well - hang in there!

PP:)

I didn't try this one again today, just like a 100 times or so in the past week ;)

Just out of curiosity, can you install it in Safe Mode?

Probably won't work because need windows installer.

I think this might be an issue with Comodo - They've had those in the past with their Guard service still running after the firewall was uninstalled.
We'll probably have to look at that and shut it down - Will get back to you tonight after dinner or, if I get dragged out on the town, Saturday evening at the latest...

Judy may chime in in the meantime. Her attention to detail is far greater than mine, so she may see something else blocking the Java install....

Cheers :)
PP

trying the offline manual install again now.

Great - let us know how that shakes out.

I am off to dinner - hopefully back in a few hours.

-- For Judy's benefit, that was the JavaRa log from when the Elluminate tech had you run it a couple days ago, right...

PP:)

Elluminate Live .....

Hi Karen,

I'm going to discuss the Hosts bit with Judy - let's look at Java first.

Please download JavaRa.zip to your Desktop and Extract it to its own folder.

-- Make sure ALL browsers are CLOSED.
-- DoubleClick on JavaRa.exe to run it (or whatever hoops Vista makes you jump through) and then select your language of choice.
-- Click Remove Older Versions.
-- Follow the prompts and a log will pop up - please post that for us.

Then, follow the steps in the linky below to do the manual offline install:

http://www.java.com/en/download/help/windows_offline_download.xml

Let us know any errors along the way. You can use Print Screen button to capture screenshots and open and save them in Paint - may be easier to capure the error messages, if any....

PP:)

OMG.... OMG... Whatever you guys had me do worked. I have my desktop back and no longer have to navigate with task manager....

Great!

You were missing C:\Windows\Explorer.exe, as shown in the first log.
Running ExWin restored it for you - just copied it from ServicePackFiles..... Simple as that.

Cheers :)
PP

PhilliePhan here is the log...

Actually, that is the contents of my batch file :)

Open a command prompt with task manager and type: C:\ExWin\RunThis.bat and hit ENTER.
The tool should run and a log will pop up.

I'll be back Sunday evening EST.

Hang in there!

PP:)

OK... I tried to DL the look.zip. I couldnt open it. Remember. All I have is task manager to open things with

My fault! Sorry!

Let's try something I used in a similar thread:
Please download ExWin.exe and run it.
Click "Extract" and it will extract the ExWin folder to C:\ExWin.
Please open that and run RunThis.bat.

Command line to run it is C:\ExWin\RunThis.bat

Anyhoo, once it runs (3-5 minutes), a log will pop up. Please post that for us.
Also, reboot your computer afterwards and see if there is any improvement.

Cheers :)
PP

All three "completed successfully". Rebooted. Ran peek.bat

@ECHO OFF....

You posted the contents of the batch file again :)

No worries - if all completed ok..... Are things working better or are we in the same same boat?

I suspect the problem is still there.
-- When did you first notice it?

Back Thursday evening EST.

PP:)

OK - Let's add the missing keys to the registry and see what shakes out:

Open a command prompt and then Copy&Paste each command in Red into the box one at a time and hit Enter for each:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\folder\shell\open\command" /VE /T "REG_EXPAND_SZ" /D "%%SystemRoot%%\Explorer.exe /idlist,%%I,%%L" /F

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\folder\shell\explore\command" /VE /T "REG_EXPAND_SZ" /D "%%SystemRoot%%\Explorer.exe /e,/idlist,%%I,%%L" /F

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\drive\shell\find\command" /VE /T "REG_EXPAND_SZ" /D "%%SystemRoot%%\Explorer.exe" /F

Let me know if you get any error messages.
Then, Reboot and run PEEK.bat again for me to verify the new Registry entries. Please post that log and let me know if that helps at all.

Cheers :)
PP

I got two message. One in the DOS box that said "The system was unable to find the specified registry key or value".

The other box that opened contained this:.....

Great! - That's what we were looking for.

-- Some of the keys were indeed missing as noted in the OTL log - error message you just got confirms that. I'll put together a fix to reinstate them. Though, I am not sure that will fix the problem at hand.....

I have to head out for a bit - will post back late tonight or tomorrow evening.

Cheers :)
PP

I get exactly the same results as the first try.

Hmmm - that could be a symptom of the overlying problem.

Let's do this just to be sure:
Download the attached PEEK.zip and extract PEEK.bat from the zip to the desktop.
Run PEEK.bat and see if the log pops up and we'll go from there.

-- Even if that doesn't work, I think I'll go ahead and put together a "fix" for what I expect the log to show.

PP:)

That's the content of the text file. :)

Try it again - Click on the PEEK.txt attachment and choose "Save File" and save it to the desktop.
-- As you save it, where it says "File Name," change PEEK.txt to PEEK.bat
Or, you can save it to the desktop as PEEK.txt and then change the name.

Then, once PEEK.bat is on the desktop, DoubleClick it to run it and produce the log.

Hang in there - we'll get it!

OK - this ought to be easier:

Download the attached PEEK.txt and save it to the desktop
-- RightClick it and rename it to PEEK.bat
-- DoubleClick on PEEK.bat to run it.
A log will pop up - please post that for me. Let me know if you run into any problems with this.

PP:)

Also, see if you can locate the OTL Extras Text log and post that for me - should be on the Desktop with OTL.exe
Perhaps in OTL Folder?

PP:)