8 steps problems, Java won't update

Status
Not open for further replies.

phys

I went through the 8 steps and things didn't get better. I was only able to run SuperAntiSpyware in Safe Mode. Otherwise my computer crashed part way through the scan every time. After this step I could not access any webpages unless I boot in Safe Mode. I tried to upgrade Java and it told me Administrator had set restrictions that prevent completing the installation. I was logged on as Administrator. Now I get an error that it can't update with current network settings.

I got into all of this to try to fix a problem I had on startup. It repeatedly gave me a message of "logonui.exe Application error" and something about memory could not be written. Now I don't get that but I get a similar one about svchost.exe and memory can't be written. After I get logged in I continue to get Data Execution Prevention errors that force Logon UI to close.

Help please!

PS Upload fails on both the mbam-log and the SUPERAntiSpy logs. Should I copy them into this thread?
 
In trouble again huh!

OK do you not have MBAM and SAS installed from your other thread?

If so then update and post the logs. If you have the programs but can't update then run what you have.

Let me know otherwise post the logs.

Mike
 
I don't have another thread. This was my first ever post.

I figured out why my uploads were failing so here are the two other logs.

Thanks for the help.
 
OK confused you with someone with a similar name and problem.

Another run indicated!
OK there were found/removed items in both MBAM and SAS so we need to run again as the first run likely exposed things that were not even seen the first time.

So another run Quick Scan will likely find more. So UPDATE and run both again. Attach logs.

Go into Control panel Add/remove programs and uninstall all Java. All!

Mike
 
I'm working on removing Java. I get a message that "The Windows Installer Service could not be accessed..." I downloaded and installed WindowsXP-KB942288-v3-x86.exe to install Windows Installer 4.5. I still get the same error when trying to remove Java.
 
OK so I know why you have a problem with Java. We will fix it later; for now proceed with the Malware cleanup.

Do the posts in the order presented so..

Another run indicated!
OK there were found/removed items in both MBAM and SAS so we need to run again as the first run likely exposed things that were not even seen the first time.

So another run Quick Scan will likely find more. So UPDATE and run both again. Attach logs.

Mike
 
I finally had a chance to redo the scans. Both still found things.

SAS crashes my computer during a scan unless I'm in safe mode.

I still get multiple svchost.exe memory errors before I can login unless I'm in safe mode.

Previously I could only access the internet in safe mode and now I can't even do that. I moved these log files onto another computer to upload and post this.
 
Well are you doing Step 3 of the Steps disabling other protections so they will not interfere with these scans?

Disable protections for malware scans
From the 8 Steps #3 https://www.techspot.com/vb/topic118528.html
http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
http://www.bleepingcomputer.com/forums/topic114351.html

Turn off what you can if still problems continue in Safe mode.

Another run indicated!
OK there were found/removed items in MBAM so we need to run again as the first run likely exposed things that were not even seen the first time.

So another run Quick Scan will likely find more. So UPDATE MBAM run again. Attach logs.

Mike
 
Scans found nothing this time.

I removed all live monitoring programs and SAS scans still crash unless I'm in safe mode.

Still no internet access.

Still can't remove Java.
 
Please run HJT scan only, and then place a tick next to the following Malware entries
O4 - HKUS\S-1-5-18\..\Run: [hdlldeoe.exe] C:\WINDOWS\hdlldeoe.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [hdlldeoe.exe] C:\WINDOWS\hdlldeoe.exe (User 'Default user')
Then select FIX



I notice that you have Symantec installed (ie Norton)
Norton is very heavy on system resources and usually faults under Virus infection (ironically)
It is certainly the worst antivirus in my opinion.

Here's what you should do (plus the above of course ;) )

Uninstall Symantec (Norton) Antivirus
Run the Norton Removal tool

Install the much better Avira free AntiVirus. Then run a full antivirus scan

Pretty sure your problems will be solved
Note you can use Safe Mode with networking (by pressing F8 key before Windows startup)
If Normal mode cannot be presently accessed (probably due to Norton)

Let us know what Viruses Avira found and removed (actually a log would be good)
And also how your system is performing from doing the above
 
I ran HJT and fixed the two entries that you indicated.

I tried to remove Symantec and I got the same Windows Installer error that prevented me from removing Java.

NRT says it can't run until Symantec is removed.
 
OK then this ought to do the job!

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the Opening screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the Second DAF page.

Here 1 at a time do the below

Flush DNS
Flush Icons
Process Idle Tasks
Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Watch for any File not found or other errors and make note as this may lead to the fix!

Reboot retest first on NRT!

If that works do the below to Install Java.
1. Download and run the full offline java installer (watch and uncheck any toolbars offered): https://www.techspot.com/downloads/6463-java-se.html

2. Only after above (I am assuming you had leftovers from before and they need to be cleaned)

Clean up old Java and update to newest version; this program will do it all for you.

Download JavaRa http://prm753.bchea.org/JavaRa.html

Unzip it, run it, to update choose Jucheck (Sun's updater)

After update choose Cleanup old versions. Give it a minute and after it pops up the log file you will see what it removed.

Then click "Additional tasks" and check "remove Useless JRE files" and "Remove JavaRa log files".

After that run Search for Updates again to confirm you are up to date.
After that run remove older versions again. This time the Log file should be empty.

Mike
 
OK. I ran DAF and rebooted. I still got Windows Installer error.

I reran DAF Windows Installer fix and didn't reboot.
Now I was able to remove Symantec and run the NRT successfully.

I ran the offline Java installer and used JavaRa to remove older versions.
I now only have Java 6 update 11.

I can't search for updates in JavaRa because I still can't access the internet.

I also still get svchost.exe memory errors before login.
 
Do this hopefully to repair Internet!

Open SAS Click Preferences-Repairs
Then counting down from top do the following entries

Numbers 6, 8, 11, 12, 13, 15, 18, 19, 20, 21, 22, 24, 25, 26 and 27!

Mike

I am sorry Phys I thought we had already run the below.

So do this..

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.

Mike
 
Done. Still no internet.

IE prompts me to Diagnose Connection Problems.
I get "Windows cannot troubleshoot your network connection because an error has occurred. Please try again."

I tried to install Avira and got this message:

The CRC sum of
C:\DOCUM~1\SCOTTL~1\LOCALS~1\Temp\RarSFX0\basic\setup.exe
has been changed! This could be due to a virus!
Do you want to shut down Setup?

My only option seems to be click "OK."

Sorry I hadn't seen all the stuff below "Sorry Phys"

I'll try that now.
 
I double click RunThis.bat and while "Checking Running Process.." I get a blue screen crash.
PAGE_FAULT_IN_NONPAGED_AREA
(I think that's it, it is off screen to the left a bit.)

Good news: I got no svchost.exe memory errors on startup.

Bad news: I got a Data Execution Prevention error and it terminated
Userinit Logon Application.
I can't login. When I Ctrl/Alt/Del I get the same message about Task Manager.
I power off with the button and get logonui.exe memory errors (10x).

I was able to start up after this (with svchost.exe errors again).

When I go into SDFix folder there are a lot of new files that weren't there before.
I assume this is due to the partial run.
 
Skip to ComboFix and run it.

After attaching log do the below.

Delete the SDFix folder containing the RunThis.

Run the SDFix on the Desktop to reinstall that folder.

Boot to safe Mode as it says and open SDFix folder and rename RunThis.bat to 12rt34.bat and execute that instead of RunThis.

Mike
 
Ran Combofix. After Completed Stage_50 I get a blinking cursor.
No log file that I can see. I swear I didn't click on the window!

Ahh. Waited long enough and it rebooted.

Here's the ComboFix log.

SDFix still crashed after reinstalling and renaming RunThis.

I'll be gone till later tonight. Thanks for the help.
 
Hmm!

ComboFix usually doesn't do that.

Run it again in Safe Mode!

Mike

EDIT: Oh yes run it again it was loaded!

Mike
 
ComboFix behaved exactly the same but with fewer deletions.
It still rebooted after stage 50 and then gave me the log.

I tried running SDFix again and it still crashed the same way.

I'm going to be away from this machine until Monday. Thanks for the help so far.
 
I'm running NMC and it is deleting dozens (thousands!) of *.exe that it says are infected with W32/Virut.BV.

Some of these are programs that I need to keep. (Ones I've written for research.)
Some of these programs have not been run in years.
It looks like it is finding every *.exe.
Is this really something that needs to be removed?
It doesn't look like there is going to be anything left to run!

It is even deleting a bunch of *.exe files for SAS and SDFix. Is that right?

Finally. Number of infected files repaired/deleted: 2844

This worries me. I didn't get any say on whether these files were deleted. Are they gone?

I haven't clicked anything since the scan began. I'll wait for some feedback here first.
 
Stop it!

Have recently found out DrWeb can cure these!

Go back to same place and get DrWeb.

Then run from Safe Mode!

Mike
 