Problem with Windows Defender

pntball650

I'm running Windows 7 Home Premium 32-bit. OK, I guess I'll just start from the beginning. I noticed a couple of days ago that I had a notification in my toolbar that said Defender had found some problems. I click on it and Defender opens just for a second and says I have two trojans, then closes quickly. I try to open it over and over and it will open for a split second, then close immediately. I restarted multiple times and the same thing kept happening. I ran MalwareBytes and it found 4 trojans, which I erased. The problem still was not fixed. I went through steps to delete Defender in hopes of reinstalling. Every time I tried to reinstall I got a message stating that Defender is included in Windows Vista and there was no need to install. Well, ultimately I downloaded a .msi extractor and took the files out myself. I added them back to C:\Program Files\Windows Defender. Now when I go to run it I get the message "Application failed to initialize: 0x80070006. The handle is invalid." but this also instantly goes away just as fast as it opened. In an attempt to trick whatever virus I have, I renamed MSASCui.exe (Defender) to random letters and ran it again. This time the same message came up, but it stayed on the screen until I clicked it off. Part of this virus seems to be a Google hijacker. This is very frustrating... any info will help.

P.S. I have run Sophos AntiVirus scan, MalwareBytes, Pandascan, and Spybot S&D, and none find anything out of the ordinary besides the initial find by MalwareBytes that I already deleted.
 

My Computer

OS
Windows 7 home premium 32bit
Have you attempted to download a bootable AV and run a scan independent of Windows? I use the Bitdefender recovery tool.
 

My Computer

Computer Manufacturer/Model Number
Home built
OS
Windows 7 Home Premium x64
CPU
AMD Phenom II X4 945
Motherboard
ASUS M4N98TD EVO AM3 NVIDIA nForce 980a SLI
Memory
8 GB G-Skill 1.5v DDR 3 1333Mhz
Graphics Card(s)
(2) MSI 512MB GTS 250 SLI
Sound Card
Soundblaster Audigy 2 platinum
Monitor(s) Displays
Samsung 2255BW 22"
Screen Resolution
1650 x 1050
Hard Drives
2 WD 250GB 7500RPM
PSU
Antec TP-750. The ultimate bang for the buck PSU
Case
Raidmax
Cooling
Sycthe Slipstream cooling fans(4)
Keyboard
Zboard Merc
Mouse
Logitech MX-518
Internet Speed
3MB
Other Info
LG Blu-Ray/DVD combo drive/LG DVD-RW w/ lightscribe
I have not... I will look into that and try it this afternoon.
 


My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
I tried Bitdefender. It found one trojan popup virus that I got rid of, but Defender still will not load and my browser is still being hijacked, only from google.com.
 

Ran SAS. It found one tracker registry entry and some cookie issues but nothing else. Google is still being redirected randomly, but not all the time, and Defender still will not work.
 

Download ComboFix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
Please be patient while the scan runs; at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
After rebooting, ensure your security applications have been re-enabled.
 

I see you have used Combofix before ...
ComboFix2.txt 2010-10-19 20:32
ComboFix3.txt 2009-04-07 15:12

Did you download a fresh copy of CF, or is it the same one you've been using?

Sophos is out of date, was this a trial or paid for version?


I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [esetListThreats.png]
  11. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [esetBack.png] button.
  13. Push [esetFinish.png]
 

The CF is new from the link that you provided. Sophos is a paid corporate edition. The ESET log is attached. Defender still fails to load with the message, "Application failed to initialize: 0x80070006. The handle is invalid."
 

Download ATF Cleaner: www.atribune.org
Click "Main" > check 'select all' (except Prefetch) this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.
Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Now download JavaRa and run it: |MG| JavaRA 1.16 Beta Download

Update your Java!


  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u24 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

Now type services.msc in the start search box. Click on the icon. When the window opens, see if Windows Defender is set to automatic and started. To do this, right click and choose Properties.
 

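The services.msc check described in the post above can also be made from a PowerShell prompt, which additionally distinguishes a stopped or disabled service from one whose registration is missing altogether. This is an added example, not part of the original thread; it assumes the Windows 7 service name WinDefend and the default install path under Program Files, and the function name Get-DefenderServiceStatus is hypothetical.

```powershell
# Added example: read-only triage of the Windows Defender service registration.
# Assumptions: service name 'WinDefend', default path %ProgramFiles%\Windows Defender.
$svcName = 'WinDefend'
$svcKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$uiPath  = Join-Path $env:ProgramFiles 'Windows Defender\MSASCui.exe'

function Get-DefenderServiceStatus {
    $result = New-Object PSObject -Property @{
        Registered = $false; StartMode = $null; State = $null
        KeyPresent = (Test-Path $svcKey); ImagePath = $null; ServiceDll = $null
        UiPresent  = (Test-Path $uiPath); UiVersion = $null
    }
    # Win32_Service reports what services.msc shows: startup type and current state.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$svcName'"
    if ($svc) {
        $result.Registered = $true
        $result.StartMode  = $svc.StartMode   # Auto, Manual or Disabled
        $result.State      = $svc.State       # Running, Stopped, ...
    }
    # The registry key is the service registration itself. For a service hosted
    # in svchost.exe, the DLL it loads is named under Parameters\ServiceDll.
    if ($result.KeyPresent) {
        $result.ImagePath = (Get-ItemProperty $svcKey).ImagePath
        $paramKey = Join-Path $svcKey 'Parameters'
        if (Test-Path $paramKey) {
            $result.ServiceDll = (Get-ItemProperty $paramKey).ServiceDll
        }
    }
    # Record which build of the UI binary is actually on disk.
    if ($result.UiPresent) {
        $result.UiVersion = (Get-Item $uiPath).VersionInfo.FileVersion
    }
    $result
}

$s = Get-DefenderServiceStatus
$s | Format-List
if (-not $s.Registered) {
    "$svcName is not registered, so services.msc will not list it (registry key present: $($s.KeyPresent))."
} elseif ($s.StartMode -eq 'Disabled') {
    "$svcName is registered but its startup type is Disabled."
} elseif ($s.State -ne 'Running') {
    "$svcName is registered (startup type $($s.StartMode)) but its state is $($s.State)."
} else {
    "$svcName is registered, startup type $($s.StartMode), and running."
}
```

Run it from an elevated prompt; it only reads service and registry state and changes nothing.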
OK, seems that the Defender service is not in my service list... weird? Any way to reinstall this?
 

You don't need it if you have good anti-malware programs running. I disabled it ages ago, on all three of my computers.

Make sure Sophos is updated and running. Also keep MalwareBytes updated.

Are you still getting redirected?
 

Seems to be fine right now. If I notice anything else I'll be sure to let you know. Thank you to everyone for the help.
 

Let's do a little clean-up ...


  • Click START then RUN
  • Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
 
