[evilfantasy]

Were all of these items removed by SUPERAntispyware?

[trevy3]

Well, they were quarantined, as per your instructions.

[evilfantasy]

OK, I want to run one more scan and then we will begin trying to get your add/remove programs back.

Please download Vundofix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish, sometimes it can take multiple passes

Also, have you ever been in the registry?

[trevy3]

I have not been in the registry, no. I can confirm Add/remove programs is back and the computer is faster then it was before when I start up.

So I think the problems has been solved. Many thanks for all your help.

Hopfully I won't need use up your time again, but would you still like me to run the scan that you mentioned?

[evilfantasy]

I can confirm Add/remove programs is back

Good news. Some unruly security programs will hide the access to add/remove programs in an attempt to make it harder to uninstall them and further the pressure to buy them.

Yes it would be a good idea to check. Vundo can hide very well.

Let me know about Vundo, there are still a few quick steps to do before we wrap this up.

And post a new hijackthis log for final inspection.

[trevy3]

I ran Vundo but no files were found so no Log has been produced.

[evilfantasy]

Looks much better.

Open HijackThis and "Do a system scan only"
Place a check mark next to:
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

Click "Fix checked" and exit HijackThis.

==========

These last steps are important but easy to do.

Go into SUPERAntispyware and delete/empty the quarantine so any virus scans you do will not report the contents.

==========

Your Java is out of date
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version of Java components and update

Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.

* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens. Click on the Install Now button.
* Follow the prompts to complete installation.

==========

This will clean all temp files and cookies that show as malware.

Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

NOTE: ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

==========

This is important to remove all of Combofix and the files quarantined by it. Plus it will flush any infected system restore files and create a new clean restore point.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

==========

If you need to install any security programs then just come here and ask what would be a safe choice. There are too many rouge programs out there that do more harm then good. Or just visit our downloads section, the ones there are all safe and when I run across a good one I usually add it.

Finally look through this thread Keeping yourself safe on the web. There are great tips and programs in there to tighten security even further.

Let us know if you need any advice or help.

Safe surfing.

[trevy3]

Brilliant! Many thanks for all your help, it's been really appreciated and I will certainly be taking note of your advice and tips in future.