IObit Forum

Windows Firewall, Windows update and Windows Security Center is dead!


Rikval445


Hello everyone, a few days ago I got a Trojan.Dropper, which managed to make a hole through the firewall and was able to install many other malware tools. At that moment I had "Advanced SystemCare with Antivirus 2013" installed as my antivirus solution, but it did not detect the trojan while it was running. I installed MBAM, rebooted into safe mode and started a full scan; I found 8 entries to fix and removed them. Then I rebooted and ran a full scan with ASC + AV 2013; I found 4 viruses, removed them and rebooted again. Now the system should be clean, but Windows Firewall, Windows Update and the Security Center no longer work. I also used the Microsoft Fix utilities but they have not resolved my problem. Do you have any solutions? Thanks in advance.


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Re-run MBAM:

 

Code:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

 

*********************************************************

Please download AdwCleaner by Xplode onto your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Hello Dave, thanks for the reply, I am attaching the two logs:

 

*****************************************

 

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

http://www.malwarebytes.org

 

Database Version: v2012.09.16.11

 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Riccardo :: RICCARDO-PC [limited]

 

Protection: Off

 

16/09/2012 22:34:55

mbam-log-2012-09-16 (22-34-55).txt

 

Scan type: Quick scan

Scanning options active: Memory | Startup | Registry | File System | Heuristics / Extra | Heuristics / Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189981

Time: 19 minutes, 28 seconds

 

Detected processes in memory: 0

(no malicious items detected)

 

Memory modules are detected: 0

(no malicious items detected)

 

Registry keys detected: 1

HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined Moved and deleted successfully

 

Registry Values detected: 0

(no malicious items detected)

 

Items recorded in the log data: 0

(no malicious items detected)

 

Folders found: 1

C:\Users\Riccardo\AppData\Roaming\dclogs (Stolen.Data) -> Moved to quarantine and deleted successfully.

 

Detected files: 5

C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Moved to quarantine and deleted successfully.

C:\Users\Riccardo\AppData\Roaming\dclogs\2012-09-13-5.dc (Stolen.Data) -> Moved to quarantine and deleted successfully.

C:\Users\Riccardo\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Moved to quarantine and deleted successfully.

C:\Users\Riccardo\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Moved to quarantine and deleted successfully.

C:\Users\Riccardo\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Moved to quarantine and deleted successfully.

 

(end)

 

 

____________________________________________________________

 

# AdwCleaner v2.002 - Logfile created 09/16/2012 at 23:27:28

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Home Premium (32 bits)

# User : Riccardo - RICCARDO-PC

# Boot Mode : Normal

# Running from : C:\Users\Riccardo\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

Key Found : HKU\S-1-5-21-3937133037-340116210-3993381083-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Opera v12.2.1578.0

 

File : C:\Users\Riccardo\AppData\Roaming\Opera\Opera\operaprefs.ini

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [998 octets] - [16/09/2012 23:27:28]

 

########## EOF - C:\AdwCleaner[R1].txt - [1057 octets] ##########


I'm noticing strange things lately, as if someone is spying on my activities through some keyloggers; when logging on to Facebook recently I read warnings like "An unknown device has attempted to connect around ..."

 

Thanks in advance for your help.


Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

***************************************************************

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

**************************************************************

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start scan

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click save log, save it to your desktop and post it in your next reply.

************************************************************

I'm required to give you this warning.

 

It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware, that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

 

Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

 

Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

 

What danger is presented by rootkits?

Rootkits and how to combat them

r00tkit Analysis: What Is A Rootkit

 

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

What Should I Do If I've Become A Victim Of Identity Theft?

Identity Theft Victims Guide - What to do

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

When should I re-format? How should I reinstall?

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Where to draw the line? When to recommend a format and reinstall?

 

Guides for format and reinstall:

 

how-to-reformat-and-reinstall-your-operating-system-the-easy-way

 

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.

If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

 

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


Hi, thanks for the response. Fortunately I do not do banking online, so I can have problems with my credit card. I remember I got this virus simply surfing the internet; it downloaded stealthily and the antivirus was not able to detect it, and "Windows Firewall", "Windows Update" and "Windows Security Center" were completely disabled. Regarding the formatting, I formatted my PC in January 2012 and I really do not want to do it again. I am happy to collaborate with experts like you of IObit and I hope that together we can eliminate this Rootkit/Malware once and for all. Thanks for all your help, I will attach the logs in the next post, thanks!

Hello Rikval445,

 

I'm glad you wish to cleanse your system! It is important that you understand that even though this forum is hosted by IObit... we are volunteers here that have no affiliation with IObit.

You will have to thank Dave personally as he has no affiliation with the host of this help forum and Superdave posts here freely out of goodwill to aid and help users!

 

This forum is blessed to have Dave's attention... I'm sure he will address your next post with the logs as soon as he is able.

 

-Mel


Hi Mel, thanks for the specification, these are the logs.

 

 

1) Checkup

 

 

Results of screen317's Security Check version 0.99.51

Windows 7 x86 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Advanced SystemCare with Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware versione 1.65.0.1400

CCleaner

Wise Registry Cleaner 7.45

JavaFX 2.1.1

Java 7 Update 5

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

 

_______________________________________________________

 

2) Adwcleaner

 

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 04:21:06

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Home Premium (32 bits)

# User : Riccardo - RICCARDO-PC

# Boot Mode : Normal

# Running from : C:\Users\Riccardo\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

 

-\\ Opera v12.2.1578.0

 

File : C:\Users\Riccardo\AppData\Roaming\Opera\Opera\operaprefs.ini

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s2].txt - [1189 octets] - [17/09/2012 04:21:06]

 

########## EOF - C:\AdwCleaner[s2].txt - [1249 octets] ##########

 

 

_________________________________________________________

 

3) aswMBR

 

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-17 14:50:53

-----------------------------

14:50:53.663 OS Version: Windows 6.1.7600

14:50:53.663 Number of processors: 2 586 0x1C0A

14:50:53.679 ComputerName: RICCARDO-PC UserName: Riccardo

14:51:46.297 Initialize success

14:57:02.402 AVAST engine defs: 12091400

14:58:15.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

14:58:15.046 Disk 0 Vendor: Size: 0MB BusType: 0

14:58:15.092 Disk 0 MBR read successfully

14:58:15.108 Disk 0 MBR scan

14:58:15.436 Disk 0 Windows 7 default MBR code

14:58:15.451 Disk 0 MBR hidden

14:58:15.514 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048

14:58:15.576 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024

14:58:15.623 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225061 MB offset 27469824

14:58:15.966 Disk 0 scanning C:\Windows\system32\drivers

14:59:01.487 Service scanning

15:01:10.222 Modules scanning

15:01:35.888 Disk 0 trace - called modules:

15:01:35.981 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys

15:01:36.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854e7a58]

15:01:36.044 3 CLASSPNP.SYS[86f9b59e] -> nt!IofCallDriver -> [0x83943868]

15:01:36.059 5 ACPI.sys[8668e3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84277028]

15:01:41.800 AVAST engine scan C:\Windows

15:01:54.206 AVAST engine scan C:\Windows\system32

15:14:01.659 AVAST engine scan C:\Windows\system32\drivers

15:14:53.514 AVAST engine scan C:\Users\Riccardo

15:17:51.171 File: C:\Users\Riccardo\AppData\Local\Temp\FCD5.tmp\crack.exe **INFECTED** Win32:Malware-gen

15:20:20.760 File: C:\Users\Riccardo\AppData\Roaming\Microsoft\twunk_16.exe **INFECTED** Win32:Malware-gen

15:24:41.664 AVAST engine scan C:\ProgramData

15:28:42.276 Scan finished successfully

15:32:42.251 Disk 0 MBR has been saved successfully to "C:\Users\Riccardo\Desktop\Log\MBR.dat"

15:32:42.407 The log file has been saved successfully to "C:\Users\Riccardo\Desktop\Log\aswMBR.txt"

 

 

_______________________________________________________

 

 

Thanks for your help Dave, I will wait for the next instruction.
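
The logs posted above mix items a scanner already removed with items that were only reported. As an added example (not part of the thread and not code from any of the tools), this Python script parses the Malwarebytes and aswMBR line formats seen in those logs and lists the findings with no remediation recorded; the sample lines, the `Example` paths, `PUP.Example` and the "No action taken" line are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines modelled on the log formats posted in this thread;
# the "Example" paths and key names are placeholders, not values from the logs.
SAMPLE_MBAM = r"""
Registry keys detected: 1
HKCU\Software\EXAMPLE_TRACE (Malware.Trace) -> Quarantined and deleted successfully.
(no malicious items detected)
Detected files: 3
C:\Windows\Example\Desktop.ini (Rootkit.0access) -> Moved to quarantine and deleted successfully.
C:\Users\Example\AppData\Roaming\example\2012-09-13-5.dc (Stolen.Data) -> Moved to quarantine and deleted successfully.
C:\Program Files (x86)\Example\tool.exe (PUP.Example) -> No action taken.
(end)
"""
SAMPLE_ASWMBR = r"""
15:14:53.514 AVAST engine scan C:\Users\Example
15:17:51.171 File: C:\Users\Example\AppData\Local\Temp\sample.exe **INFECTED** Win32:Malware-gen
15:28:42.276 Scan finished successfully
"""


@dataclass(frozen=True)
class Finding:
    tool: str              # scanner that reported the item
    target: str            # file path or registry key
    detection: str         # the scanner's detection name
    action: Optional[str]  # remediation text from the log, None if the log has none

    @property
    def kind(self) -> str:
        return "registry" if re.match(r"HK(CU|LM|U|CR|CC)\b", self.target) else "file"


# "<target> (<detection>) -> <action>"; the lazy target group lets paths that
# contain parentheses themselves, e.g. "Program Files (x86)", parse correctly.
MBAM_LINE = re.compile(r"^(?P<target>\S.*?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# "HH:MM:SS.mmm File: <path> **INFECTED** <detection>"
ASWMBR_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File: (?P<target>.+?) \*\*INFECTED\*\* (?P<detection>\S+)\s*$"
)
# Words in an action text that indicate the item was dealt with.
REMEDIATED = re.compile(r"quarantin|deleted|removed", re.IGNORECASE)


def parse_mbam(text: str) -> List[Finding]:
    """Extract detection lines from a Malwarebytes text log."""
    out = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            out.append(Finding("mbam", m["target"], m["detection"], m["action"].rstrip(".")))
    return out


def parse_aswmbr(text: str) -> List[Finding]:
    """Extract **INFECTED** file lines from an aswMBR scan log (no action is logged)."""
    out = []
    for line in text.splitlines():
        m = ASWMBR_LINE.match(line.strip())
        if m:
            out.append(Finding("aswmbr", m["target"], m["detection"], None))
    return out


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings whose log line records no quarantine or deletion."""
    return [f for f in findings if not (f.action and REMEDIATED.search(f.action))]


def group_by_detection(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each detection name to the targets it was reported on."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        groups.setdefault(f.detection, []).append(f.target)
    return groups


if __name__ == "__main__":
    findings = parse_mbam(SAMPLE_MBAM) + parse_aswmbr(SAMPLE_ASWMBR)
    for detection, targets in group_by_detection(findings).items():
        print(f"{detection}: {len(targets)} item(s)")
    print("No remediation recorded for:")
    for f in unresolved(findings):
        print(f"  [{f.tool}] {f.kind}: {f.target} ({f.detection})")
```
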


Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

********************************************************

Please run the Action Center on your computer. This will attempt to fix your update problems.

 

Download Combofix from any of the links below, and save it to your DESKTOP.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Archived

This topic is now archived and is closed to further replies.
