Infection... stuck system settings, hijacked browsers!

[Stuck]

This is the mbr file.

aswMBR.txt

[Stuck]

They did merge!

[Superdave]

You really didn't need to change AV's. Re-install MSE

[Stuck]

Didn't install Avast, only removed MSE to make sure it didn't interfere. Only Avast definitions files were downloaded and used... not Avast complete. The prompt window was not clear so I precluded corruption of the scan by removing MSE.

 

MSE is being re-installed now.

 

-Stuck

[Stuck]

MSE is up and running.

 

The service I cannot seem to gain control of is the notification service. Even though all the windows security services under it are functioning properly if I check them. This means that I will not get notified (through a system tray notice) when Win defender or firewall... etc. does something. I can live with this as the malware is gone. This service is superfluous anyway.

 

But only wish the damage hadn't been done. Part of my system doesn't follow my commands!

 

My external hard drive crapped out on me a couple of months ago... My images are gone.

 

If you want to try further... I will follow your instructions precisely!!

 

 

 

-Stuck

[Stuck]

I have re-installed firefox... it is fine now.:grin: I am not re-installing Opera at this time as I rarely use it. Defender appears to be functioning normally now after a couple of boots.

 

-Stuck

[Superdave]

Ok. We can do some cleanup.

 

But only wish the damage hadn't been done. Part of my system doesn't follow my commands!

Please explain in more detail.

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

********************************************

To uninstall ComboFix

 

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

***********************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

***********************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

**********************************************

Use the Secunia Software Inspector to check for out of date software.

 

•Click Start Now

 

•Check the box next to Enable thorough system inspection.

 

•Click Start

 

•Allow the scan to finish and scroll down to see if any updates are needed.

•Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

[Stuck]

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Thu Dec 15 17:39:46 2011

 

Found and removed: C:\Program Files\Java\jre1.6.0_20

 

Found and removed: C:\Program Files\Java\jre6

 

Found and removed: C:\Users\Mel\AppData\LocalLow\Sun\Java\jre1.6.0_30

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

 

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

 

------------------------------------

 

Finished reporting.

 

 

Using 1.7.0_01 Java.... just needed to remove older version. Secunia reported the old version as a security threat. I had been using the newest version... just hadn't run Ra since updating.

 

What I mean about loss of control is that I cannot enable the Win Security service. I also have to start Win Defender manually everytime at boot. Those are the only two issues remaining with my system. Any further suggestions on this... it is more an annoyance than a problem.:-?

 

I had been using Comodo up until a month ago, got irritated with it and removed it. Do you have a recommendation as to which of the others you find most preferable?

 

I already use spybot. I will give Wot a try. I will also look at spyware blaster.

 

Thanks for all your help Dave!!! I really appreciate it!!:-D

 

-Stuck

[Stuck]

Screenshot of Secunia........

Secunia - The Leading Provider of Vulnerability Management and Vulnerability Int_2011-12-15_18-02-19

[Stuck]

Question

 

What do these entries in my Sysprot log mean...?

 

Do they indicate that the softwares we have been using cannot access them or that one has locked them? Just as I cannot access control of my Win Security service? The service in question may be one of them? What is Qoobox... afunction of one of the softwares we've been using?

 

As you know I am most curious!!

 

-Stuck

[Superdave]

I had been using Comodo up until a month ago, got irritated with it and removed it. Do you have a recommendation as to which of the others you find most preferable?

There are all very over-bearing but that's the price one must pay for security.

Is this how you're turning the Security Center on?

 

click Start, right click My Computer and click manage. answer the Elevation prompt, if asked. Double click Services and Applications on the left and single click Services. look for Security Center. click Start. hopefully you wont get an error. right click Security Center in services where it says startup type, choose automatic

 

What do these entries in my Sysprot log mean

Those are files that ComboFix put in quarantine.

[Stuck]

In Vista SP2

 

This is the path in Vista SP2.

 

Access is denied even though I am/run as Administrator.

 

I can live with it... but this part of my system seems to be permanently hijacked... unless I reformat. But I have to get a new external HD before I do that. I can live with it though as the more important functions are working.

 

Thanks a million Dave!!!

[Stuck]

The pathway is a little different than XP and may look a bit different. Nothing I do within my system will allow me to regain access to this service.

 

-Stuck

[Superdave]

If you have your OS disk you can do a repair. That should fix it.

[Stuck]

Thanks again Dave!

 

I will try to locate the disc. I misplaced it when I moved 6 months ago.:-)

 

-Stuck

[Superdave]

Do you have your OS CD/DVD?

 

If so,

 

1/ Click the Start button.

 

2/ From the Start Menu, Click All programs followed by Accessories.

 

3/ In the Accessories menu, Right Click on the Command Prompt option.

 

4/ From the drop down menu that appears, Click on the Run as administrator option.

 

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

 

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

 

7/ A message will appear stating that the system scan will begin.

 

8/ Be patient because the scan may take some time.

 

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

 

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

 

11/ After the scan has completed, Close the command prompt window.

[Stuck]

Thanks!

 

I looked briefly for the disc today. It is buried in a box... one out of 80 boxes (in the back of one of the storage sheds). I had never needed it, thought I never would!

 

My system performs/executes all my commands otherwise. The lost control over the monitoring service is acceptable.

 

My machine is fine... I will repair the small damage to my OS in the spring (spring cleaning) when I locate the disc. (if I haven't upgraded OS by then... which I'm thinking. about doing)

 

The Malware is Gone!

 

My gratitude Dave! I never meant to let you down!!!

 

-Stuck