
Can't Open Files


  • This topic is locked
21 replies to this topic

#1 Bob2011

Bob2011

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 14 June 2012 - 11:47 PM

Dear Bleepers, Thursday 6-14-2012
Hope this is the right forum and you can help me.
April 11th 2011 I had a nasty virus that almost wiped everything out. I hit the reset button and apparently that saved it although what was left was messed up. Apparently there was more than one issue but the one I remember was a virus called, “HiderJab.” Through SpyHammers and your work I was able to retrieve my data using Combofix and Unhide.
I just tried to access some old files (110 of them) that are critical to me and couldn’t find them. I hadn’t tried to access them since before “HiderJab” and other issues hit me. In XP’s Explorer the entire folder is gone. It should be in the “Letters To Members” folder in the string below but the folder’s gone.
C:\Documents and Settings\Robert A. Matney\My Documents\File Documents\EDGEWOOD\EdgewoodNews Web Page\Letters To Members


I wondered what else was missing and looking around found UnHide.exe was gone as well. Apparently this issue occurred after we successfully restored the system. I downloaded it again from Bleeping computers and ran it. It found a few errors but rebooting it didn’t bring back the “Letters To Members” subdirectory.


However, XP’s Windows Search Results lists the files but I can’t open them. Google Advanced Desktop Search finds the files but when I click a file it doesn’t open in MS Word but rather in Firefox with the below message at the top in a box.


This is one version of C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc from your personal cache.
The file may have changed since that time. Click here for the current file.
Since this file is stored on your computer, publicly linking to it will not work.
Google may not be affiliated with the authors of this page nor responsible for its content. This page may be protected by copyright.


Of course C:\found doesn’t exist either.


Clicking on: C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc from your personal cache
Results in:
File Not Found
The following file cannot be found:
C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc
This may happen if you deleted or moved the file.


Clicking on the word “Cache” results in the Google error msg:
404. That’s an error.
The requested URL /filecache.html was not found on this server. That’s all we know.


Clicking on the word “Current File” results in the Google error msg:
File Not Found
The following file cannot be found:
C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc
This may happen if you deleted or moved the file.


Inside Google Desktop Search’s address bar is the following:
http://127.0.0.1:4664/cache?event_id=4125&schema_id=6&q=Edgewood+Residential+News+|filetype%3Adoc+|filetype%3Adocx+under%3A%22C%3A\%22&s=vy3UUVg4XnQe0fgfXcvBqIBs_i8


All this reminds me of the HiderJab virus. I hope you can help and save me a week of copy and paste.

Sincerely, Robert A. Matney.

FYI: I keep my PC up to date with MS Updates and I run Malwarebytes Anti-Malware weekly. The only issue has been I just discovered I can not post to the “Spyhammer.com” website. I get the error message below and the email address of ADM1N is bogus.

HTTP Error 403 Forbidden
You don't have permission to access
/simplemachinesforum/index.php?action=post2;start=0;board=10 on this server.
Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Request Entity Attack: %22!
If you get this message in error, please contact the ADM1N and provide the date and time of this message.

#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:05:14 PM

Posted 18 June 2012 - 05:59 PM

Download the Windows Repair All-In-One tool from Tweaking.com and click the video there. You can listen as a brief description is rendered for its basic usage.

After you install it, the program will automatically open for you.

Click the Step 2 tab. To perform the disk check you'll need to click the Do It button. The system will need to reboot to perform that function so when it comes back up, return to the tool's Step 3 tab to perform a system file check...again, you'll need to click the Do It button to get things started.

When that scan completes, click the Next button, then click the "System Restore" Create button. When the restore point has been created, you can click the ERUNT "Backup" button. ERUNT will create a backup of the system's registry for you. When you've completed that, click the Next button, then click Start and the following screen will appear:

You can see all the items in the left pane which can be fixed using this tool. Click the Start button to begin the repair.

Post back when you finish and let me know what issues you are still experiencing. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 Bob2011

Posted 22 June 2012 - 04:37 AM

Dear 1972 Vet, June 22, 2012 Friday, very early Friday

Thank you for your help.

Just an FYI, I found a backup of the known files that vanished on an old hard drive so I’m greatly relieved but still wonder what else is missing.

Ran Tweaking 1.7.4, took a long time, created a bunch of text log files but I couldn’t tell if it actually did anything. When I repeated the Windows and Google search I got the same results. However, I accidentally left out some info last time. I don’t think it’s critical but better safe than sorry.


It’s as if the search is looking at an index that says the file exists in C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc but the directory is not actually there. However, the file information is out there, somewhere.

Here’s what I did.

Again, XP’s Windows Search Results lists the files but I can’t open them. Google Advanced Desktop Search finds the files with the below message (this is the part I left out)
100510 ERN WCOG Recap.doc
Edgewood Residential News Readers From .. Residential News Copyright Edgewood Residential .. News Monday May 10, 2010 *Concerned Citizens of Edgewood: Some of
Preview found.003\dir...\100510 ERN WCOG Recap.doc - Open folder - 1 cached - May 10 2010

NOTE: Clicking on Open Folder results in:
The following file cannot be found:
C:\found.003\dir0001.chk\2010
This may happen if you deleted or moved the file.

***
NOTE: Clicking on 1 Cached results in the file’s full content in a box I’ve never seen before and the below message in a smaller box at the top of the page.

This is one version of C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc from your personal cache.
The file may have changed since that time. Click here for the current file.
Since this file is stored on your computer, publicly linking to it will not work.

Google may not be affiliated with the authors of this page nor responsible for its content. This page may be protected by copyright.


NOTE: Copying the link’s location C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc resulted in the below string.
http://127.0.0.1:4664/redir?url=C%3A%5Cfound%2E003%5Cdir0001%2Echk%5C2010%5C100510+ERN++WCOG+Recap%2Edoc&src=7&s=iVv4YpSX08UtnPc0cZEtoUIQxKo



***
NOTE: Clicking on May 10 2010 brings up a list of files not only from May 10 2010 but the 5th, 6th, 8th, 11th, 12th, 13th and 14th. Clicking on the title brings up the box in the previous example with the file contents. It’s in some kind of loop.
***

NOTE: From this point everything’s the same as I sent last time. I’ve reprinted it for convenience.

However, XP’s Windows Search Results lists the files but I can’t open them. Google Advanced Desktop Search finds the files and contents but when I click a file it doesn’t open in MS Word but rather in Firefox with the below message at the top in a box.


This is one version of C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc from your personal cache.
The file may have changed since that time. Click here for the current file.
Since this file is stored on your computer, publicly linking to it will not work.
Google may not be affiliated with the authors of this page nor responsible for its content. This page may be protected by copyright.


Of course C:\found doesn’t exist either.


Clicking on: C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc from your personal cache
Results in:
File Not Found
The following file cannot be found:
C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc
This may happen if you deleted or moved the file.


Clicking on the word “Cache” results in the Google error msg:
404. That’s an error.
The requested URL /filecache.html was not found on this server. That’s all we know.


Clicking on the word “Current File” results in the Google error msg:
File Not Found
The following file cannot be found:
C:\found.003\dir0001.chk\2010\100510 ERN WCOG Recap.doc
This may happen if you deleted or moved the file.


Inside Google Desktop Search’s address bar is the following:
http://127.0.0.1:4664/cache?event_id=4125&schema_id=6&q=Edgewood+Residential+News+|filetype%3Adoc+|filetype%3Adocx+under%3A%22C%3A\%22&s=vy3UUVg4XnQe0fgfXcvBqIBs_i8


All this reminds me of the HiderJab virus. I hope you can help and save me a week of copy and paste.

Sincerely, Robert A. Matney.

FYI: I keep my PC up to date with MS Updates and I run Malwarebytes Anti-Malware weekly. The only issue has been I just discovered I can not post to the “Spyhammer.com” website. I get the error message below and the email address of ADM1N is bogus.

HTTP Error 403 Forbidden
You don't have permission to access
/simplemachinesforum/index.php?action=post2;start=0;board=10 on this server.
Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Request Entity Attack: %22!
If you get this message in error, please contact the ADM1N and provide the date and time of this message.

#4 1972vet

Posted 22 June 2012 - 07:51 AM

Google Advanced Desktop Search finds the files but when I click a file it doesn’t open in MS Word but rather in Firefox with the below message at the top in a box.

Try to open the file without double-clicking...right click on it instead and select "open with". You should be able to navigate to "MS Word" to use when opening the file. Let me know how that goes for you.

The only issue has been I just discovered I can not post to the “Spyhammer.com” website. I get the error message below and the email address of ADM1N is bogus.

HTTP Error 403 Forbidden
You don't have permission to access
/simplemachinesforum/index.php?action=post2;start=0;board=10 on this server.
Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Request Entity Attack: %22!
If you get this message in error, please contact the ADM1N and provide the date and time of this message.

The message is a common one. We all get that on occasion. It's part of our anti-spam/troll/malware effort. Just wait a few minutes and try it again. If you received it after you already had connected and were trying to post a log, then you should try to upload the log instead of pasting it.

By the way, you aren't currently working with anyone at "SpywareHammer.com" at this time are you? I need to know before we continue. Thanks!



#5 Bob2011

Posted 22 June 2012 - 11:32 PM

Dear 1972Vet Fri June 22, 2012 9:31 p.m.
Thanks for your response. Been a very long day for me, work, dental work, shopping and yard work. Just now got the opportunity to log on, TGIF. For sure I’m in bed before 3 am tonight.
I’m not working with anyone at Spyhammer as I couldn’t post.
Right clicking on any of the file names, locations or other options doesn’t bring up an option to open a file in any programs like Word. It brings up the standard Google option box that includes: Open Link in a new Tab, Open Link in a New Window, Bookmark This Link, Save Link As, Send Link, Send Link Location, Copy Link Location, Inspect Element (Q) and Auto Pager.
This is a head scratcher.
Take care, Bob.

#6 1972vet

Posted 23 June 2012 - 09:46 AM

Let's have a look at what's there:
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine
Double click dds.scr to run the tool
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Next, please install WinPatrol Free version Here...and install it using default settings (change nothing during the installation). When the installation completes, double-click the WinPatrol icon in your system tray to open the user interface. Click on the "Options" tab. Click on the Hijack Log button. Wait for a notepad file to open containing the logged system analysis information and save it to your desktop. You can name the log "WinPatrol Hijack" log.

Please remember to include the following logs in your next reply.
  • DDS.txt
  • Attach.txt
  • WinPatrol Hijack Log



#7 Bob2011

Posted 23 June 2012 - 07:15 PM

Dear 1972Vet, Saturday June 23, 2012
Another record cold day here in Puget Sound, wearing heavy sweat shirt and jacket.
I ran WinPatrol HiJack before and after running DDS.scr. They are named 120623 01 HijackPatrol.log
and 120623 02 HijackPatrol.log
Hope these are helpful.
Sincerely, Bob.


#8 1972vet

Posted 24 June 2012 - 09:49 AM

The error in your event viewer log indicates a problem with your System Restore function. It's entirely possible the "unexpected error" is due to the fact that your disk has run out of space to record the restore point. According to your Attach.txt document, the disk would require at least 11.5 gigs of free space even to perform a disk defrag. It may well require more than that to record another restore point so...my recommendation is to scour the volume to find programs to uninstall (that you don't use or need), and to run a disk cleaning utility to remove junk files.

For starters, these can be uninstalled:
Java™ 6 Update 22
Java™ 6 Update 30
<--both of these Java installations are out of date and exploited...not to mention, you already have the most updated version of Java installed which is the only one you need.
Viewpoint Media Player <--and this program is foistware. You probably didn't install it anyway, so uninstalling it is not a bad idea.

Next, please Download CCleaner. As you get to know this product better, you can change the settings to suit your own particular needs, but for now...Default settings are fine with these few exceptions:
  • Before your first scan, open the program and select Options-->Advanced, then UNCHECK the option for "Only delete files in Windows Temp folder older than 48 hours."
  • Return to the "CCleaner" function. Under the "Windows" tab, scroll down to the "Advanced" section and be sure that the only item checked is Old Prefetch Data.
  • Click the "Applications" tab. Scroll to the "Utilities" section and look for any Security application listed there. For example, if you have "MalwareBytes" installed, you would remove the check for it here otherwise, when you run CCleaner, having any of these items checked for your security applications will result in the removal of your security programs' scan logs.
  • Click the "Run Cleaner" button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click "OK" and it will scan and clean your system.
  • Click "exit" when done.
***Note***
Checking "Cookies" will remove problem spyware cookies and help to speed up other spyware/adware/malware scans.
This will mean however, the next time you click on a web page where you have signed in before, you will have to re-enter your user I.D. and password.


Please avoid using the "registry" cleaning feature of this utility unless you consider yourself an expert. Contrary to popular thought, the Windows Registry has no need of any "cleaning". I personally challenge anyone to show a substantial benefit from having used any of these "registry cleaning" programs. There is none. Any difference at all is so minuscule that it's nearly impossible to calculate.

On the flip side, rather than any benefit, there is the possibility of slicing out enough pieces of the registry to render things useless...and that includes the operating system.

By default, CCleaner will ask you if you want to backup what is removed, and I suggest you do just that. If you have already used this option and found that something no longer works properly, please find the backup that was created and use it to restore that particular item. Remember, using this to clean the disk is absolutely useful and beneficial. A novice needs only to use the disk cleaning feature...and avoid the registry cleaning aspect. It's not difficult...just don't bother to click the Registry button on the menu.

CCleaner is an excellent...and fast disk cleaning utility that can easily be configured to suit your needs. Often, users find a simple reboot resolves a quirky performance issue which can come about as a result of the collection of temp files while browsing the web...and if you configure CCleaner to run on start up, then your system could be kept running fast and clean with each new user session.

The Yahoo Toolbar is included by default during the installation of the CCleaner utility...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...last download link at the bottom of that page)...

Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files.

Please run another DDS scan when you finish with the above and post back the "Attach.txt" file only please. Thanks!

By the way, the disk, as packed full as it is, may also be relative to your "can't open files" issues for lack of space on the disk. It's possible...not more likely, but possible nonetheless. Regardless, eventually, we'll get to the bottom of it.



#9 Bob2011

Posted 24 June 2012 - 04:25 PM

Dear 1972Vet,
I removed the programs you suggested and a few I don’t know how they got on there, about 800 meg so a long way to go. As you can see NERO is the biggest program hog. Am going through all programs and files to see which ones to remove, will run CC and repost results. I’ve got 11 gig of music so I can put that on an old HD.
FYI: I successfully defragged the hard drive about 7 months ago.
There’s a lot of Microsoft .NET Framework programs, about 300 meg worth. I’ve had problems with these in the past and have gotten mixed advice from MS tech support. When I do a MS Update Scan I always get notices to install some of these programs (versions 1-4). I install and get the message programs successfully installed, reboot. Doing another MS Update Scan I get the same message to install the same programs. One MS Tech support person told me as long as I have the most up to date version (Framework 4) that covers everything and the others are not needed. Another support person told me to leave them all installed. Any advice on these?
Sincerely, Robert.

#10 1972vet

Posted 24 June 2012 - 04:51 PM


I can suggest that you uninstall Nero if you don't use it often. When you know you will have a need for it, you can probably run it from the disk. I had one of this type of disk burning programs years ago and I can't say with certainty, but I believe it was from roxio. As I recall, that one had a feature allowing the user to run the program from the disk instead of installing it...or if yours doesn't offer that option, you can install it for your purpose at hand, then uninstall it when finished to keep the disk a bit more lightweight.

As to your music files, I can suggest if it's handier, you can just burn them to a variety of disks too. And, as to the .net framework software, as I understand it, they are not cumulative. Once you install something that needs one of them, it is either included with your installation, or you will be prompted to download and install it (them). So, my advice there is to leave what you have alone or else something you use might no longer work.



#11 Bob2011

Posted 25 June 2012 - 01:39 AM

Dear 1972Vet, Late Sunday night June 24, 2012
Moved all my music files to old hard drives so now I’ve got 19.3 gig free on the hard drive. Can’t live without NERO. Ran CC and DDS and attached the Attach.txt file.
Have a good Monday, Robert.


#12 1972vet

Posted 25 June 2012 - 03:26 AM

Next we need to update your software and remove outdated/exploited programs...
Please run the free online scan Here. After clicking the Start scan button, please check the box for the option Enable thorough system inspection, then click the Start button.

Just below the "Scan Options:" section, you'll see the status of what's currently processing. You will also see an in process indicator that looks like this: Posted Image
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs complained of during the scan. Copy your results so you can paste them back here on your next reply.

Next, although Secunia is an excellent "update" scanner, it does find and report ONLY outdated software for which there has been a security vulnerability reported. FileHippo offers a piece of freeware that scans for all the rest. While you'd think it's enough to have just one, I should point out, the FileHippo scanner isn't necessarily going to point out to you that certain programs have any vulnerabilities...secunia does this and more, but it also leaves a gap, such that any other outdated software is ignored.

Download FileHippo's Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date, will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings. Please remember to post back your results. If all looks well from this point, then we need to perform an online scan. Your response will indicate how we shall proceed. Thanks!



#13 Bob2011

Posted 25 June 2012 - 04:37 PM

Dear 1972Vet,
Ran OSI, chose deep scan, found 3 problems with outdated programs: Adobe Flash Player 11.x, Oracle Java JRE 1.7.x and Oracle Java 7.0.40.22. Complete copy of OSI scan results below. Downloaded and installed new versions of Adobe and Java. File Hippo File Update Checker found 14 updates available, downloaded and successfully installed all but Real Player that I removed and MS Windows Live I don’t want. Complete copy of File Hippo File Update Checker below.
Everything seemed to work OK. Didn’t do another Crap Cleaner just in case something might be wrong. Got to go change oil in the car.
Sincerely, Robert.


******* Complete copy of OSI scan results **********
Welcome to Secunia Online Software Inspector (OSI)
Scan Now

The Secunia Online Software Inspector will inspect your operating system and software for insecure versions and missing security updates. A default inspection normally lasts 5-40 seconds, while a thorough inspection may take several minutes.
Detection Statistics:
11 Applications Detected in Total
3 Insecure Versions Detected
8 Patched Versions Detected
Running For: 38 Minutes, 2 Seconds
Errors with the scan:
0 Errors Detected, scan result should be correct

Adobe Flash Player 11.x Adobe Flash Player 11.x 11.2.202.235 (NPAPI) Adobe Flash Player 11.x
This installation of Adobe Flash Player 11.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 11.2.202.235 (NPAPI), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 11.3.300.257 (NPAPI).


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_11_2_202_235.dll
Oracle Java JRE 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x 7.0.40.22 Oracle Java JRE 1.7.x / 7.x
This installation of Oracle Java JRE 1.7.x / 7.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 7.0.40.22, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.0.50.5.


Installed on Your System in:
C:\Program Files\Java\jre7\bin\java.exe
Sun Java JRE 1.6.x / 6.x Sun Java JRE 1.6.x / 6.x 6.0.130.3 Sun Java JRE 1.6.x / 6.x
This installation of Sun Java JRE 1.6.x / 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.130.3, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.330.3.

Installed on Your System in:
C:\Program Files\Java\jre1.6.0_13\bin\java.exe

****************** File Hippo Update Checker *******************

14 Updates Detected
Adobe Air 3.3.0.3650
Installed Version: 3.0.0.4080
14.49MB Download Now!
CCleaner 3.20.1750
Installed Version: 3.19.0.1721
3.71MB Download Now!
DriveImage XML 2.30
Installed Version: 2.2.2.0
1.92MB Download Now!
Flash Player 11.3.300.262 (Non-IE)
Installed Version: 11.3.300.257
9.36MB Download Now!
Google Earth 6.2.2.6613
Installed Version: 6.1.0.5001
16.65MB Download Now!
ImgBurn 2.5.7.0
Installed Version: 2.5.6.0
5.84MB Download Now!
PDFCreator 1.4.1
Installed Version: 1.2.0.3
17.83MB Download Now!
RealPlayer 15.0.4.53
Installed Version: 6.0.9.584
26.12MB Download Now!
Recuva 1.42.544
Installed Version: 1.41.0.537
2.45MB Download Now!
Sandra Lite 2012 SP4c (18.52)
Installed Version: 18.47.2012.6
54.65MB Download Now!
TeraCopy 2.27
Installed Version: 2.2.0.0
2.81MB Download Now!
Windows Live Mail 2009
Installed Version: 14.0.8089.726
1.19MB Download Now!
Windows Live Messenger 2009 (14.0.8117)
Installed Version: 4.7.0.3001
1.19MB Download Now!
Windows Live Writer 2009
Installed Version: 14.0.8089.726
1.19MB Download Now!
Total size: 159.39MB

#14 1972vet

Posted 26 June 2012 - 05:37 AM

Great, thanks! Now let's take a swing and see what gets stirred up:
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall



#15 Bob2011

Posted 27 June 2012 - 12:08 PM

Dear 1972Vet, Wednesday June 27, 2012
Running ComboFix turned into a disaster. I’ve attached the log. I followed directions and it ran OK then rebooted but I’d forgotten about a program I use called Startup Delayer that started a couple programs including MS Word. I stopped them as soon as I could but apparently the damage was done.
All the shortcuts were gone from desktop files but the folders were intact and once inside a folder those file shortcuts were OK. Clicking Start, All Programs revealed a blank page. In My Computer clicking on Folders resulted in a blank left side. But going inside certain program folders and attempting to execute the exe file some programs wouldn’t start like web browsers so I couldn’t contact you. Just as well as I couldn’t get security software going. Worst of all I couldn’t get System Restore to work. After many many hours trying things and phone consultations with pseudo experts our consensus was the only thing left was to reinstall windows. Sooo, after many many more hours of install and 150 updates things are pretty much functional again. I reran all the programs and there were no new security issues. Attempting the same original issue doing a search on the missing files gives the same original results.
Don’t know where to go from this point other than take a rest break and catch up on a few things.
Sincerely, Robert.
