CANNOT access updates

Click Start >> Run, type cmd and hit OK.
In the CMD window type

ipconfig /flushdns

then hit Enter, type exit and hit Enter
(that space between g and / is needed)

Reboot and see if that helped.

Have you got a router?
 
Sorry, do have a few additional worries. Still unexplained temp files perflib perfdata, and some with names like ~DF6ADF, anything to worry about?
Avast icons option is ticked
In the received files where I keep my logs, a couple of .js files I definitely did not save there.
A new file on the C drive called QooBox (27mb), no idea about that
Heaps of Temp Internet files in my Local Settings????
 
perflib perfdata and ~DF6ADF are perfectly normal and every computer has them

The .js files are likely to be JavaScript files for sites that you visit

QooBox is part of ComboFix, and we will remove that shortly

Heaps of Temp Internet files. Every time you connect to the web you will get those type of files. I will give you links to a couple of programs shortly that can help you remove unwanted junk.

Any other problems ?
 
I am on slow dial-up, no router. I am sole user and administrator of a standalone computer. System restore appears to be broken, get a message saying "system restore can no longer protect your computer, please restart etc". Avast did delete a trojan from there a while back.
Flushed DNS cache, got to the Java page, downloaded and have the file ready to install... but the old Java files do NOT want to uninstall... in add/remove programs I get a variety of popup messages, the jusched.exe which I was suspicious about can't be removed.
Also can't remove an Adobe Reader update, remove option is missing.
 
Re. "system restore can no longer protect your computer, please restart",

Have you tried restarting?
Have you tried turning system restore off then back on?

Please do the following

  1. Please download FixPolicies.exe by Bill Castner and save it to your desktop.
  2. Double click on FixPolicies.exe to run it.
  3. Click on Install. It will create a folder named FixPolicies on your desktop.
  4. Open the FixPolicies folder.
  5. Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.



Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.
 
An access is denied message flashed when the 'fix policies' ran.
I can't find the System Restore tab, is there another way to access it?
 
Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
 
Hi again, that link is dead too, but I do have a log of the strings appearing when rstrui.exe (System Restore) was trying to run. It is very long, let me know if it is any use.
 
Got System Restore back, it had been disabled in the services (not by me!). Just need to get rid of the old Java, can show a log of the rundll.exe strings running when I get the error messages in the control panel, if that is of any use.
Also I note that the Java Runtimes I have installed are 3 huge files, yet the update I downloaded is only 15mb approx, is that normal?
 
Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

You will now need to reinstall Java. If you deleted the installer please do the following.
Download and install Java Runtime Environment (JRE) 6 Update 7.
 
Hi again, the tool cleaned up some of the older versions, but when I go to Program Files, there is a 67mb file jre1.5.0_10. Should I try manually deleting? Was able to remove 2 instances of jusched.exe from there manually. Also, as I mentioned before, the earlier Java folders were huge, the update is only about 16mb, is there a reason for that? And how do I find the Java control panel easily? One of the reasons I got so out of date is that I never saw anything to update! Same applies to all my other out of date programs... everyone should go to Secunia to check this out.
On the same subject, my iTunes is out of date, I don't use it, is there any way of uninstalling it? Also an Adobe Reader update, which is in add/remove programs with no option to remove. I can't find the file anywhere, and Adobe Reader did have a trojan quarantined by one of my security programs a while back.
I know you have spent so much time on my problems, it is so good of you. Also what do you think caused them, given I am so cautious when on the web, and always run up to date security?
And sorry, one more thing, should the MS update CD for XP SP3 work now?
 
Hi again, the tool cleaned up some of the older versions, but when I go to Program Files, there is a 67mb file jre1.5.0_10. Should I try manually deleting,
We can get to that in a moment.

Also as I mentioned before, the earlier Java folders were huge, the update is only about 16mb, is there a reason for that?
It depends which package you downloaded, the full install or just the runtime environment.

And how do I find the Java control panel easily?
Start >> Control Panel >> Java

my iTunes is out of date, I don't use it, is there any way of uninstalling it
Have you tried Add/Remove Programs?

also an Adobe Reader update, which is in add/remove programs with no option to remove,
Which Adobe is it? There is no Adobe Reader in your original uninstall list.

also what do you think caused them
It could have been almost anything.

should the MS update CD for XP SP3 work now?
Let's leave that for the moment, until we have sorted the other problems.

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.

@echo off
if exist C:\kresults.txt del /q C:\kresults.txt
Echo Searching ..... Please Wait
FOR %%G IN (
Adobe
Java
) DO (
echo %%G >> C:\kresults.txt
dir C:\*.* /L /A /B /S|Find "%%G" >> C:\kresults.txt
echo. >> C:\kresults.txt
echo. >> C:\kresults.txt
)
Echo Finished
start notepad C:\kresults.txt
del /q %0
exit

Double click on look.bat
Please be patient, as this will search the entire disc

Notepad will open, please copy/paste the results here.
 
Hello, to clarify the above:
I downloaded the Java installation as you directed, the file is jre6u7windows i586.p.exe
The Adobe Reader update might not have appeared on the uninstall program list, but is at the top of the Add/Remove list... Adobe Reader 6.0.2 update, a 5.64mb file with no option to remove. I have removed the rest of the Adobe Reader when I had the trojan.
iTunes looks like it is being removed when I use that option, but it always comes back.
Look.bat only ran for a minute or two, and the log is
Adobe


Java
 
Do you get any error message when you try to uninstall iTunes?


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.

@echo off
if exist C:\kresults.txt del /q C:\kresults.txt
Echo Searching ..... Please Wait
FOR %%G IN (
Adobe
Java
) DO (
echo %%G >> C:\kresults.txt
dir /L /A /B /S "C:\%%G.*" >> C:\kresults.txt
echo. >> C:\kresults.txt
echo. >> C:\kresults.txt
)
Echo Finished
start notepad C:\kresults.txt
del /q %0
exit

Double click on look.bat
Please be patient, as this will search the entire disc

Notepad will open, please copy/paste the results here.
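
An added example, not part of the original posts: the first look.bat returned only its headings because `dir /L` prints every path in lowercase while `find` without `/I` is case-sensitive, so "Adobe" and "Java" never matched. This variant keeps the substring search and uses `find /I`; the output file name under %TEMP% is an assumption made for the example.

```batch
@echo off
rem Added example: case-insensitive substring search of drive C:.
rem The output path below is an assumption chosen for this example.
setlocal
set "OUT=%TEMP%\kresults_example.txt"
if exist "%OUT%" del /q "%OUT%"

echo Searching ..... Please Wait
for %%G in (Adobe Java) do (
    rem Heading line for this search term
    >>"%OUT%" echo %%G
    rem dir /L lowercases the listing; find /I ignores case, so the
    rem mixed-case search term still matches anywhere in the path.
    rem 2>nul hides "access denied" noise from protected folders.
    dir C:\ /L /A /B /S 2>nul | find /I "%%G" >>"%OUT%"
    >>"%OUT%" echo.
)
echo Finished
start "" notepad "%OUT%"
endlocal
```

Unlike the `"C:\%%G.*"` pattern, this also lists paths where the term appears inside a longer name, so expect a longer log.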
 
Hi again, result this time
Adobe
c:\documents and settings\all users\application data\adobe
c:\documents and settings\all users\application data\adobe\photoshop elements\how-tos\4.0\en_us\recipes\adobe
c:\documents and settings\hp_administrator\application data\adobe
c:\documents and settings\hp_administrator\application data\macromedia\flash player\#sharedobjects\ghg4hql3\adobe.com
c:\documents and settings\hp_administrator\local settings\application data\adobe
c:\documents and settings\hp_administrator\my documents\my pictures\adobe
c:\program files\adobe
c:\program files\common files\adobe
c:\program files\common files\adobe\typespt\unicode\mappings\adobe
c:\windows\system32\adobe


Java
c:\documents and settings\hp_administrator\application data\sun\java
c:\program files\java
c:\program files\common files\java
c:\program files\gimp-2.0\share\gimp\2.0\patterns\java.pat
c:\program files\java\jre1.5.0_10\bin\java.dll
c:\program files\java\jre1.5.0_10\bin\java.exe
c:\program files\java\jre1.5.0_10\lib\security\java.policy
c:\program files\java\jre1.5.0_10\lib\security\java.security
c:\program files\pc-doctor for windows\java
c:\program files\pc-doctor for windows\java\jre\bin\java.dll
c:\program files\pc-doctor for windows\java\jre\bin\java.exe
c:\program files\pc-doctor for windows\java\jre\lib\security\java.policy
c:\program files\pc-doctor for windows\java\jre\lib\security\java.security
c:\program files\ulead systems\ulead photoimpact 10 se\wcsdata\java
c:\windows\java
c:\windows\sun\java
c:\windows\system32\java.exe


Not sure if this is relevant, but took the browser security test mentioned on this site, and found although my Firefox is up to date (v2.0.0.16) I did not pass the Apple QuickTime scripting vulnerability. My QuickTime is v6.5.2 (I think) and will not run or update.
Also had a result on the HJT ADSSpy scan
 
Another wave of infection I think... just when I thought we were getting somewhere!... SUPERAntiSpyware was interrupted when updating, it started to search for updates again, but when I tried to terminate, error message appeared "Program could not be terminated as it is locked by the system", had to turn off the computer to get out of that lot.
Spybot showed no threats in safe mode.
Tried running Comodo scan in safe mode, but a warning message re the Defense plus system shows, which does not appear in normal mode.
Avast is still a concern, no icons, and no auto update... iTunes, I click remove and nothing happens.
 
To be honest, I suspect system instability at this point rather than malware.
There is no evidence of current infection, yet your problems appear to be increasing.

OTMoveIt
Please download OTMoveIt2 by OldTimer and save it to your desktop
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
c:\documents and settings\all users\application data\adobe
c:\documents and settings\hp_administrator\application data\adobe
c:\documents and settings\hp_administrator\application data\macromedia\flash player\#sharedobjects\ghg4hql3\adobe.com
c:\documents and settings\hp_administrator\local settings\application data\adobe
c:\documents and settings\hp_administrator\my documents\my pictures\adobe
c:\program files\adobe
c:\program files\common files\adobe
c:\windows\system32\adobe
c:\documents and settings\hp_administrator\application data\sun\java
c:\program files\java
c:\program files\common files\java
c:\program files\java\jre1.5.0_10
c:\windows\java
c:\windows\sun
c:\windows\system32\java.exe
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now reinstall Adobe and Java.

Please re-run ComboFix, and then do the following


Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
This morning could not open this reply page at all, and all other pages were really slow.
Re reinstalling Adobe, I am unsure what you mean. I am on slow dial-up and could not download the gigantic Reader file from the net. Also have Adobe Photoshop Elements which has no problems, does this tool uninstall it, and its components?
 
Also still unable to identify those services in services.msc that are just numbers
Service {89FE77F6-92FC-40F7-856C-AAFD60911E3D} [???]
Service {C08DF078-4392-4359-8229-20FA527CBBDD} [???]
Service {EA22DB8F-2CF2-4EA0-91A1-ED32A79D99ED} [???]
 
Don't use OTMoveIt yet, please do the following.

Please Download GMER to your desktop

Please create a folder in the Program Files folder called GMER.

Download GMER and extract it to the C:\program files\GMER folder you have just made.


Run the Gmer.exe program by double-clicking the executable file gmer.exe.
You may be prompted to scan immediately if GMER detects rootkit activity.

If you are prompted to scan your system click "yes" to begin the scan.
If you are not prompted, Click the "Rootkit" tab, then click "Scan".


DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan, or attempted scan in case of some error etc.!

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

Please post the results from the GMER scan in your reply.


Also please re-run ComboFix
 