Moneypak, Virus White Screen.

[Veronica_Parker]

Hello there guys, You can call me Veronica

 

I had my old laptop which catched a virus about two months ago, At first it had a FBI warning message virus which kept popping up as soon as I logged into Windows which look like this

 I did a System Restore and it went away but then it came back but since I have two Computers, I switched to the second and forgot about it, So I went back to this old Infected laptop, today and as soon as I load the computer a white screen pops up, I can't do anything so I reset my computer, I tried System Restore In Boot Menu it won't load any new Restore Points there all gone, I can't even acess the main system just a white screen, I learned to get into the system by going threw Command Prompt Safe Mode, Which I load the explorer.exe to view my files please help me thank you!

[D-FRED-BROWN]

Hello Veronica_Parker and welcome to Malwarebtyes.

 

I am D-FRED-BROWN and I will be helping you.

 
This should get you going. Please do the following:
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select English as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select English as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)

-DFB

[Veronica_Parker]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013

Ran by me (administrator) on 13-08-2013 22:14:27

Running from E:\

Microsoft Windows 7 Enterprise  (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (minimal)

 

==================== Processes (Whitelisted) ===================

 

(Microsoft Corporation) C:\Windows\system32\cmd.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [avast!] - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2008-11-26] (ALWIL Software)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-13] (Microsoft Corporation)

HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\me\AppData\Roaming\skype.dat [109056 2011-11-17] (VSN Software LTD) <==== ATTENTION 

HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3739334566-2796636501-3400284966-1000\$37051afcd285fca036f31d01421f4118\n. ATTENTION! ====> ZeroAccess?

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://htemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=1243751039104405&q={searchTerms}

CHR DefaultSuggestURL: (Search Results) -       "suggest_url": ""

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Extension: (YouTube) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

 

========================== Services (Whitelisted) =================

 

S2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2008-11-26] (ALWIL Software)

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [155160 2008-11-26] (ALWIL Software)

S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2008-11-26] (ALWIL Software)

S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2008-11-26] (ALWIL Software)

S2 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

S2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2008-11-26] (ALWIL Software)

S2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [51792 2008-11-26] (ALWIL Software)

S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23152 2008-11-26] (ALWIL Software)

S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [111184 2008-11-26] (ALWIL Software)

S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [50864 2008-11-26] (ALWIL Software)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-08-13 22:08 - 2013-08-13 22:08 - 00131072 ____N C:\Windows\Minidump\081313-19359-01.dmp

2013-08-13 21:12 - 2013-08-14 01:15 - 00000000 _____ C:\Recovery.txt

2013-08-13 21:10 - 2013-08-13 21:10 - 00131072 ____N C:\Windows\Minidump\081313-20609-01.dmp

2013-08-10 14:15 - 2013-08-10 14:15 - 00131072 ____N C:\Windows\Minidump\081013-53796-01.dmp

2013-08-10 14:07 - 2013-08-10 14:07 - 04188160 _____ C:\Program Files\GUT2A91.tmp

2013-08-10 14:07 - 2013-08-10 14:07 - 00000000 ____D C:\Program Files\GUM2A81.tmp

 

==================== One Month Modified Files and Folders =======

 

2013-08-14 01:15 - 2013-08-13 21:12 - 00000000 _____ C:\Recovery.txt

2013-08-13 22:14 - 2013-08-13 22:14 - 00000000 ____D C:\FRST

2013-08-13 22:11 - 2012-08-09 14:34 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 22:09 - 2012-08-25 01:47 - 00000000 ____D C:\Windows\Minidump

2013-08-13 22:08 - 2013-08-13 22:08 - 00131072 ____N C:\Windows\Minidump\081313-19359-01.dmp

2013-08-13 22:06 - 2013-03-25 15:41 - 00001456 _____ C:\Windows\setupact.log

2013-08-13 21:12 - 2012-08-09 14:29 - 00000000 __SHD C:\Recovery

2013-08-13 21:10 - 2013-08-13 21:10 - 00131072 ____N C:\Windows\Minidump\081313-20609-01.dmp

2013-08-13 21:08 - 2013-06-01 01:40 - 00000004 _____ C:\Users\me\AppData\Roaming\skype.ini

2013-08-13 21:08 - 2009-07-13 22:04 - 00002577 _____ C:\Windows\system32\config.nt

2013-08-13 21:07 - 2012-10-06 18:07 - 00000029 _____ C:\Windows\system32\TempWmicBatchFile.bat

2013-08-13 21:07 - 2012-08-26 01:53 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-13 21:07 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-13 21:03 - 2013-03-25 11:18 - 01608688 _____ C:\Windows\WindowsUpdate.log

2013-08-13 20:59 - 2009-07-14 00:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-13 20:59 - 2009-07-14 00:34 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-13 20:54 - 2012-08-26 01:55 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-08-13 20:52 - 2009-07-14 00:53 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-10 20:34 - 2012-08-26 01:53 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-10 20:34 - 2012-08-26 01:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-10 14:15 - 2013-08-10 14:15 - 00131072 ____N C:\Windows\Minidump\081013-53796-01.dmp

2013-08-10 14:07 - 2013-08-10 14:07 - 04188160 _____ C:\Program Files\GUT2A91.tmp

2013-08-10 14:07 - 2013-08-10 14:07 - 00000000 ____D C:\Program Files\GUM2A81.tmp

 

ZeroAccess:

C:\Windows\assembly\GAC\Desktop.ini

 

Files to move or delete:

====================

C:\Users\me\AppData\Roaming\skype.dat

C:\Users\me\AppData\Roaming\skype.ini

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2012-12-12 23:54] - [2012-09-06 12:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

 

 

 

LastRegBack: 2013-05-13 11:19

 

==================== End Of Log ============================

[D-FRED-BROWN]

Please do the following:

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the flashdrive as fixlist.txt

HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\me\AppData\Roaming\skype.dat [109056 2011-11-17] (VSN Software LTD) <==== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3739334566-2796636501-3400284966-1000\$37051afcd285fca036f31d01421f4118\n. ATTENTION! ====> ZeroAccess?
C:\Users\me\AppData\Roaming\skype.dat
C:\Users\me\AppData\Roaming\skype.ini
C:\Windows\assembly\GAC\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.
 
After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove.

[Veronica_Parker]

Yay I can log back on now !!! ♥♥♥♥♥

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-08-2013

Ran by me at 2013-08-13 22:37:47 Run:1

Running from E:\

Boot Mode: Safe Mode (minimal)

 

==============================================

 

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.

C:\Users\me\AppData\Roaming\skype.dat => Moved successfully.

C:\Users\me\AppData\Roaming\skype.ini => Moved successfully.

C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.

 

==== End of Fixlog ====

[D-FRED-BROWN]

Glad to hear you can boot. Let's start getting rid of the rest of it:

 

 

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
• Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

• TDSSKiller's logfile
• MBAR mbar-log.txt and system-log.txt
• ComboFix's report (C:\ComboFix.txt)
• Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

[Veronica_Parker]

❤❤ Ok here you are and my system's been working fine since I got rid of that,after using the programs, and I rebooted my computer ❤❤

checkup.txt

Combofix.txt

mbar-log-2013-08-13 (22-53-52).txt

TDSSKiller.2.8.18.0_13.08.2013_23.39.05_log.txt

[D-FRED-BROWN]

We're making progress.

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

• Please download OTL from here if you have not done so already:
  • Main Mirror
• Save it to your desktop.
• Double click on the OTL icon on your desktop.
• Click the "Scan All Users" checkbox.
• Change the "Extra Registry" option to "SafeList"
• Push the Run Scan button.
• Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

[Veronica_Parker]

^.^ Here ♥ 

AdwCleaner0.txt

eset.txt.txt

JRT.txt

OTL.Txt

[D-FRED-BROWN]

We're nearly in the clear.

 

----------Step 1----------------
We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :OTL
  [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
   
  [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
   
  [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
   
  [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
  "ThreadingModel" = Apartment
   
  [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
  "ThreadingModel" = Free
   
  [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
  "ThreadingModel" = Both
  
  [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
  
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

[Veronica_Parker]

Things are running fine hereee

OTL file.txt

[D-FRED-BROWN]

Looks good. Your logs appear to be clean.

 

Please take the time to install the following updates. Program updates are a critical because they protect your computer from being infected by malware.

-----

 

You have an out-of-date Service Pack for Windows 7. You should install the latest Service Pack as outdated software leaves you vulnerable to malware:  http://windows.microsoft.com/en-us/windows/service-packs-download#sptabs=win7

 

-----

 

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 7.0 first):
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

 

-----

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://java.com/en/download/index.jsp.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).  
They will have this icon next to them: 
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----
 

Please let me know how the updates went, as failed updates may be due to malware.

[Veronica_Parker]

Ok I installed the Updates, There working lovely everything seems back to normal, I have a question is it ok that I use CCleaner? I didn't wanna use it without your permission.

[D-FRED-BROWN]

Yes, feel free to use CCleaner.

 

------

 

Glad to hear the updates went successfully!

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

• Reopen on your desktop.
• Click on
• You will be prompted to reboot your system. Please do so.
  

-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

• Outpost Firewall Free
  Online Armor Firewall
  

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

---------------------------------------------------------

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:
Every little bit helps.

-DFB
 

[Veronica_Parker]

Thanks for helping me you can close this now!

 

-xoxo Veronica!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!