
Thread: Malware/Browser Hijack

  1. #11
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    Next

    Malwarebytes log:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6145

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/23/2011 3:19:20 PM
    mbam-log-2011-03-23 (15-19-20).txt

    Scan type: Quick scan
    Objects scanned: 169702
    Time elapsed: 2 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ESET Log:


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=f89f305cd61a8c4fba821cdb2a1d409e
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-23 10:00:15
    # local_time=2011-03-23 05:00:15 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 3634166 3634166 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=148397
    # found=12
    # cleaned=0
    # scan_time=5525
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\J\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\bigfishgames.xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\newgames.xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\topgames.xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\whatsnew.xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\pciide.sys.vir Win32/Olmarik.ZC trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5D0DEC44-44F8-4608-83E1-764F13030D1D}\RP1\A0000033.sys Win32/Olmarik.ZC trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5D0DEC44-44F8-4608-83E1-764F13030D1D}\RP11\A0002196.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\Jdusuyagasuti.dat Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\oqazifowasi.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\usafuxuzed.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

  2. #12
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi,


    ESET found some more malware to remove. Please do the following:


    WARNING !
    This script is for THIS user and computer ONLY!
    Using this tool incorrectly could damage your Operating System... preventing it from starting again!


    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    Please open Notepad and copy/paste all the text below... into the window:

    Code:
    File::
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\bigfishgames.xml
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\newgames.xml
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\topgames.xml
    C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\whatsnew.xml
    C:\WINDOWS\Jdusuyagasuti.dat
    C:\WINDOWS\oqazifowasi.dll
    C:\WINDOWS\usafuxuzed.dll
    1. Save it to your desktop as CFScript.txt
    2. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    3. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:



      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!

      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    4. Please copy/paste the contents of log.txt... in your next reply.


    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --
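
A triage note on the two posts above, with an added example that is not part of the original thread. ESET reported 12 items but the CFScript only lists 7 of them: the remaining five sit in ComboFix's own Qoobox quarantine, in System Restore points, in Spybot's Recovery folder, or are a downloaded installer in the user's Downloads folder. Those are inert copies that the later "ComboFix /Uninstall" step clears when it resets System Restore, so scripting them would be wasted (or, for the restore points, impossible) work. The Python below reproduces that judgement mechanically: it parses the ESET detection lines, sorts them into live, quarantined and downloaded, and emits the "File::" block in the format the helper used. The sample log is a constructed subset of the lines posted in this thread, and the list of quarantine-folder markers is an assumption of this example, not an ESET or ComboFix rule.

```python
"""Triage ESET Online Scanner detections and emit a ComboFix CFScript.

Added example, not code from the thread or from the ESET/ComboFix authors.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: seven of the detection lines posted in the thread,
# preceded by two of the "#" header lines ESET writes before the results.
ESET_LOG = r"""# found=12
# cleaned=0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\J\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\JoAnne\Application Data\BfgBar\feeds\bigfishgames.xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\pciide.sys.vir Win32/Olmarik.ZC trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5D0DEC44-44F8-4608-83E1-764F13030D1D}\RP1\A0000033.sys Win32/Olmarik.ZC trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Jdusuyagasuti.dat Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\oqazifowasi.dll Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
"""

# Assumption of this example: folders where a hit is a dormant copy held by
# another tool rather than an active file. Matched case-insensitively.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",                   # ComboFix quarantine
    "\\system volume information\\_restore",    # System Restore points
    "\\spybot - search & destroy\\recovery\\",  # Spybot S&D backups
)
DOWNLOAD_MARKER = "\\my documents\\downloads\\"  # XP per-user Downloads

# One ESET result line: <path> <threat> <kind> (<status>) <md5> <flag>.
# The path may contain spaces, so it is matched lazily up to the threat name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>\S+) (?P<kind>\S+) "
    r"\((?P<status>[^)]*)\) "
    r"(?P<md5>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str      # trojan / worm / application
    status: str
    category: str  # live / quarantined / download


def classify(path: str) -> str:
    """Decide whether a detected path is an active file or a dormant copy."""
    low = path.lower()
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if DOWNLOAD_MARKER in low:
        return "download"
    return "live"


def parse_eset_log(text: str) -> List[Detection]:
    """Parse result lines; header lines and other chatter are skipped."""
    found = []
    for line in text.splitlines():
        if not re.match(r"[A-Za-z]:\\", line):
            continue  # "# found=12" headers, installer chatter, blanks
        m = DETECTION_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        found.append(Detection(m["path"], m["threat"], m["kind"],
                               m["status"], classify(m["path"])))
    return found


def summarize(dets: List[Detection]) -> Dict[str, int]:
    """Count detections per category."""
    counts: Dict[str, int] = {}
    for d in dets:
        counts[d.category] = counts.get(d.category, 0) + 1
    return counts


def build_cfscript(dets: List[Detection]) -> str:
    """Emit only the live files in the 'File::' block format used above."""
    live = [d.path for d in dets if d.category == "live"]
    return "File::\n" + "\n".join(live) + "\n"


if __name__ == "__main__":
    dets = parse_eset_log(ESET_LOG)
    print(summarize(dets))
    print(build_cfscript(dets))
```

The downloaded RegistryBooster installer is reported separately rather than scripted: it is an unwanted application the user fetched themselves, and deleting it by hand from Downloads is the right fix. Anything in a restore point is unreachable until System Restore is reset, which is why the thread saves that for the final ComboFix /Uninstall step.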

  3. #13
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    New ComboFix log

    The log:

    ComboFix 11-03-23.01 - J 03/24/2011 8:37.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.629 [GMT -5:00]
    Running from: c:\documents and settings\J\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\J\My Documents\Downloads\CFScript.txt
    .
    FILE ::
    "c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\bigfishgames.xml"
    "c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\newgames.xml"
    "c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\topgames.xml"
    "c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\whatsnew.xml"
    "c:\windows\Jdusuyagasuti.dat"
    "c:\windows\oqazifowasi.dll"
    "c:\windows\usafuxuzed.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\bigfishgames.xml
    c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\newgames.xml
    c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\topgames.xml
    c:\documents and settings\JoAnne\Application Data\BfgBar\feeds\whatsnew.xml
    c:\windows\Jdusuyagasuti.dat
    c:\windows\oqazifowasi.dll
    c:\windows\usafuxuzed.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\program files\ESET
    2011-03-23 20:15 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-23 20:15 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-23 20:09 . 2011-03-23 20:09 -------- d-----w- c:\program files\CCleaner
    2011-03-23 02:30 . 2011-03-23 02:30 -------- d-----w- c:\documents and settings\J\Local Settings\Application Data\AVG Security Toolbar
    2011-03-22 13:40 . 2011-03-22 13:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-04 22:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-04 22:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2008-10-16 04:48 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-10-16 04:48 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-10 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-10 11:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-03-23_14.36.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-23 19:52 . 2011-03-23 19:52 16384 c:\windows\Temp\Perflib_Perfdata_104.dat
    + 2011-03-24 07:53 . 2011-03-24 07:53 1576 c:\windows\SoftwareDistribution\EventCache\{EC0DC6AA-9DAD-4291-A847-FEFEF4A93203}.bin
    + 2010-09-17 16:55 . 2011-03-23 20:09 3330048 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2010-09-17 16:55 . 2010-09-17 16:55 3330048 c:\windows\system32\config\systemprofile\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
    .
    c:\documents and settings\JoAnne\Start Menu\Programs\Startup\
    iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [N/A]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^JoAnne^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\JoAnne\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^JoAnne^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\JoAnne\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
    2005-05-19 16:54 1345520 ----a-w- c:\windows\system32\CTMBHA.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
    2004-12-23 00:40 24576 ----a-w- c:\windows\MIDIDEF.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc"=3 (0x3)
    "gupdate1c9b6296af48476"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [3/15/2010 11:09 AM 53280]
    R2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [4/16/2010 6:53 PM 56352]
    S2 gupdate1c9b6296af48476;Google Update Service (gupdate1c9b6296af48476);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 3:02 PM 133104]
    S3 CFcatchme;CFcatchme;\??\c:\docume~1\J\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\J\LOCALS~1\Temp\CFcatchme.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 20:02]
    .
    2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 20:02]
    .
    2011-03-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
    .
    2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{D019EACA-BB13-46C6-A08A-1B23C328FB16}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: {765C18A5-C191-4DBC-8A3D-878975069E64} = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\J\Application Data\Mozilla\Firefox\Profiles\645nbkj0.default\
    FF - Ext: RealArcade V3.1 Plugin: npmozax31@real.com - c:\program files\Mozilla Firefox\extensions\npmozax31@real.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Seekeen: {DB390D2E-0FB4-413F-B039-AE342D1D40BA} - c:\program files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-24 08:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-03-24 08:44:32
    ComboFix-quarantined-files.txt 2011-03-24 13:44
    ComboFix2.txt 2011-03-23 18:43
    ComboFix3.txt 2011-03-23 14:37
    ComboFix4.txt 2011-03-23 01:55
    .
    Pre-Run: 73,559,306,240 bytes free
    Post-Run: 73,547,337,728 bytes free
    .
    - - End Of File - - C581EC8618CE2E7EE5DE6BFA7ACBC182

  4. #14
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi Sam,


    How's the machine working?

    We need to get rid of one last Firefox extension. Please follow this procedure:


    1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
    
    Folders to delete:
    c:\program files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    2. Now, open the avenger folder and start The Avenger program by clicking on its icon.
    • Right click on the window under Input script here:, and select Paste.
    • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
    • Click on Execute
    • Answer "Yes" twice when prompted.

    3. The Avenger will automatically do the following:
    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This logfile will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    4. Please copy/paste the content of c:\avenger.txt into your reply.

  5. #15
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    Much Better!

    Blottedisk,

    Things are much, much better on the PC. The Rootkit was killing me. Please accept my sincere thanks for all your help.

    Here is the Avenger log:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Folder "c:\program files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

  6. #16
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi sam,

    You are very welcome. Congratulations, we are done.

    Please follow these last steps:


    Step 1 | Delete ComboFix and Clean Up

    The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following underlined text into the Run box and click OK:

    ComboFix /Uninstall

    Please advise if this step is missed for any reason as it performs some important actions.


    Step 2 | Please download OTC by OldTimer to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



    Step 3 | Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
    • Download the latest version of Adobe Reader Version X. and save it to your desktop.
    • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
    • Click the download button at the bottom.
    • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
    • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    • If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
    • Then from your desktop double-click on Adobe Reader to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the "Adobe Setup - Welcome" window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
    • Click on Help and select Check for Updates.
    • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
    • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
    • In the window that opens click Install.
    • Once the update is done click Close.
    • Your Adobe Reader is updated now.


    Step 4 | Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    • Click on the following link to visit java website: Java Runtime Environment (JRE) 6
    • Scroll down to where it says "JDK 6 Update 24 (JDK or JRE)".
    • Click the "Download" button to the right column (JRE).
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the recently downloaded java installer icon to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.



    Last Step | Now, in order to avoid future infections, please take time to read the following article:

    So how did I get infected in the first place?

    Thank you for your patience, and for performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

  7. #17
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    Thanks!

    I uninstalled ComboFix, ran OTC, updated Adobe and Java.

    Thanks again for all your help. Please close the thread.

  8. #18
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    You are welcome.

    Since this issue appears to be resolved, this Topic will be closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.