
Thread: Malware problems with my PC

  1. #51
    Member
    Join Date
    Mar 2014
    Location
    Normanton,West Yorkshire,UK
    Posts
    36

    Default Malware Problems with My PC

    Hi Juliet, I've done that BFEreg thing you asked in your last post, although I've no idea what the purpose was! Generally I stay away from the registry, as it's so easy to do something dumb and end up with a PC which refuses to work.
    I'm pleased to say that the bootup time is a lot quicker, and the PC is much less sluggish and is approaching the kind of response I enjoyed previously, so much kudos to you, and many thanks for leading a paranoid senior through the various stages of repair.
    I assume I need to do some deleting of the many programs we've used.
    Kindest Regards,Laudorum

  2. #52
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Your infection had corrupted system files, of which we were lucky to be able to repair a few. I don't like the registry either because 1 small mistake can render your machine into an expensive door stop.
    If I have lessened your stress then I did my job, and I am happy I could help you.

    **
    If you would like to use the program I'm about to post to disable unneeded start up entries you may still be able to quicken even more at bootup time.

    You can research each entry Here http://www.systemlookup.com/lists.php?list=2
    Put the executable file into the open box and search, read against the code. The bit to put into the box is "file name.exe"

    Or you can use Malwarebytes Startuplite available Here http://www.malwarebytes.org/startuplite.php
    The instructions are in the link. Basically d/l and install the program then follow the prompts.

    **

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    No need to post the log this time.


    start
    DeleteQuarantine:
    end
    ***

    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

    Go to Start > Run > copy and paste the full text path in the run box

    ComboFix /Uninstall

    Note the space between the x and the /U, it needs to be there.

    *****

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore


    3. Click Run




    Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

    *********

    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.

    Computer Security
    http://malwareremoval.com/forum/view...557960#p557960
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know

    CryptoLocker Ransomware Information Guide and FAQ

    To help protect your computer in the future I recommend that you get the following free programmes:

    CryptoPrevent: install this programme to lock down and prevent crypto ransomware



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    How to prevent Malware: Created by Miekiemoes


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article (http://www.forbes.com/sites/eliseack...-disable-java/)
    and this article (http://www.nbcnews.com/technology/te...late-1B7938755)

    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/))


    Avoid P2P

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    *********************************************
    Please read the following safe computing articles..

    Secure My Computer: A Layered Approach


    Free Antivirus-AntiSpyware-Firewall Software

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #53
    Member
    Join Date
    Mar 2014
    Location
    Normanton,West Yorkshire,UK
    Posts
    36

    Default Malware Problems with My PC

    Hi Juliet, I'm having trouble uninstalling ComboFix. I followed your instructions, but when I press OK in the Run box I get a dialog box open advising me that "Windows cannot find ComboFix". It is installed on my Desktop.

  4. #54
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote Originally Posted by laudorum View Post
    Hi Juliet, I'm having trouble uninstalling ComboFix. I followed your instructions, but when I press OK in the Run box I get a dialog box open advising me that "Windows cannot find ComboFix". It is installed on my Desktop.
    Not a problem.

    Just manually look for and delete if found.

    C:\Qoobox\<--folder
    C:\Combofix\<--folder

  5. #55
    Member
    Join Date
    Mar 2014
    Location
    Normanton,West Yorkshire,UK
    Posts
    36

    Default Malware Problems with My PC

    Panic over Juliet, Delfix has deleted it.

  6. #56
    Member
    Join Date
    Mar 2014
    Location
    Normanton,West Yorkshire,UK
    Posts
    36

    Default Malware Problems with My PC

    Hi Juliet, sorry to bother you again, but I thought I'd try Windows Update in Control Panel, since I've not seen any updates being installed when I turn my PC "OFF". The dialog box said "Windows can't check for updates" - error code 80070490.
    I downloaded the KB947821 fix and, again, after running 45 mins or so it told me that the installation had been completed, so I checked again in Windows Update, and got the same error code.
    I then tried the MS FIXIT, which did run, but failed to rectify the problem.
    Just as another aside I tried NoScript for Firefox, but it's making Firefox very slow and if I have more than a couple of tabs open it stops responding, and the screen goes blank. Looks like I'm going to have to delete it.
    Regards, Laudorum

  7. #57
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Download Windows Repair (all in one) from this site

    Install the programme then run
    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    Go to Step 4 and under "System Restore" click on Create button:

    Go to Start Repairs tab and click Start button.


    On the start repairs tab click start


    Select the following items and tick restart system when finished

    Reset Registry Permissions
    Reset File Permissions
    Register System Files
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Repair Hosts File
    Remove Policies Set By Infections
    Repair Missing Start menu Icons
    Repair Icons
    Repair Winsock & DNS Cache
    Remove Temp Files
    Repair Proxy Settings
    Unhide Non System Files
    Repair Windows Updates
    Set windows Services To Default
    Repair MSI (windows Installer)
    Repair File Associations
    Repair windows Safe mode


  8. #58
    Member
    Join Date
    Mar 2014
    Location
    Normanton,West Yorkshire,UK
    Posts
    36

    Default Malware Problems with My PC

    Hi Juliet, I've done the Windows Repair, and attempted to update Windows again, same error code dialog.
    Do you want me to post logs? If so, do you need full logs or just the repair windows update log?
    Regards, Laudorum

  9. #59
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    repair windows update log <--
    Let's see if we can get the info needed from this.

    Also
    Please download Farbar Service Scanner and run it on the computer.

    Make sure the following options are checked:
    • Internet Services
      Windows Firewall
      System Restore
      Security Center
      Windows Update

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

  10. #60
    Member
    Join Date
    Mar 2014
    Location
    Normanton,West Yorkshire,UK
    Posts
    36

    Default Malware Problems with My PC

    Hi Juliet. As requested here is the FSS.txt log:-

    arbar Service Scanner Version: 25-02-2014
    Ran by Stephen (administrator) on 31-03-2014 at 13:53:09
    Running from "C:\Users\Stephen\Downloads"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Hope this helps
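
Added example, not part of the original thread and not code from Farbar Service Scanner: a small Python triage of an FSS.txt log like the one posted in #60. It flags any registry value listed under a "... Disabled Policy" heading and any File Check entry whose status is not "MD5 is legit". The sample is a shortened excerpt of that log; the name `triage_fss` and the parsing rules are assumptions based on the layout visible in the post.

```python
import re

# Shortened excerpt of the FSS.txt log posted above (blank lines dropped).
SAMPLE_LOG = r'''
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore Disabled Policy:
========================
File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
**** End of log ****
'''

RULE = re.compile(r'^=+$')                # underline beneath a heading
KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')  # registry key line
VALUE = re.compile(r'^"([^"]+)"=(.+)$')   # "Name"=TYPE:data
FILE = re.compile(r'^(.+?) => (.+)$')     # path => status

def triage_fss(text):
    """Return (policy_findings, file_findings) from an FSS.txt log (hypothetical helper)."""
    policies, files = [], []
    section, key, prev = None, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if RULE.match(line) and prev.endswith(":"):
            section, key = prev.rstrip(":"), None  # previous line was a heading
        elif (m := KEY.match(line)):
            key = m.group(1)
        elif (m := VALUE.match(line)) and key:
            # A value listed under a "... Disabled Policy" heading is a finding.
            if section and "Disabled Policy" in section:
                policies.append((section, key, m.group(1), m.group(2)))
        elif (m := FILE.match(line)) and section == "File Check":
            if m.group(2) != "MD5 is legit":
                files.append((m.group(1), m.group(2)))
        if line:
            prev = line
    return policies, files
```

On the posted log this reports a single finding, the `EnableFirewall` value of 0 under the StandardProfile firewall policy key, and no File Check entries to review.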
