He posted in another topic, http://forum.avast.com/index.php?topic=40906.msg342942#msg342942, so here it is, http://www.mediafire.com/?sharekey=ccdfeaaf0401c27dd2db6fb9a8902bda.
Thanks David - got it ;D
OK I now have the full log Samshadows
Start OTScanit. Copy/Paste the information in the attached text file into the pane where it says “Paste fix here” and then click the Run Fix button.
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
I apologize for posting the earlier results on a different thread. I wasn’t sure how to delete the previous posts. Thanks for taking the time and assisting me. I had no problem with the fix. It appears it worked. Here is the requested information:
http://www.mediafire.com/?sharekey=ccdfeaaf0401c27dd2db6fb9a8902bda
I was wrong, I still have the “bug”. I don’t even need a browser running for the pop-ups to appear. Tonight as I was conversing with my wife and running avast!, the FF browser popped-up with an advertisement.
No problems on that
I have two programmes for you to run now one is for analysis of FF and the other to clear waifs and strays
Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
NEXT
Please download Malwarebytes’ Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
If you could post the Goored.txt and MBAM report
=====Suspect Goored Entries=====
=====List of possible loading points=====
xcci5rcp.default: Extension13=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}
xcci5rcp.default: Extension12=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{C1273352-9340-4d54-A6D7-17DC157EC0B9}
xcci5rcp.default: Extension11=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{c45c406e-ab73-11d8-be73-000a95be3b12}
xcci5rcp.default: Extension10=C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
xcci5rcp.default: Extension9=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions\moveplayer@movenetworks.com
xcci5rcp.default: Extension8=C:\Program Files\McAfee\SiteAdvisor
xcci5rcp.default: Extension7=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
xcci5rcp.default: Extension6=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
xcci5rcp.default: Extension5=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
xcci5rcp.default: Extension4=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
xcci5rcp.default: Extension3=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{77b819fa-95ad-4f2c-ac7c-486b356188a9}
xcci5rcp.default: Extension2=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{3112ca9c-de6d-4884-a869-9855de68056c}
xcci5rcp.default: Extension1=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
xcci5rcp.default: Extension0=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions\toolbar@alexa.com
=====List of possible folders=====
C:\Documents and Settings\Kinzer family\Local Settings\Application Data{7148F0A6-6813-11D6-A77B-00B0D0142030}
=====List of possible registry values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.4\extensions]
“Plugins”=“C:\Program Files\Mozilla Firefox\plugins”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.4\extensions]
“Components”=“C:\Program Files\Mozilla Firefox\components”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{03102E6B-7DF5-49DC-8BE4-EBA9ECEFB73F}”=“C:\Documents and Settings\Kinzer family\Local Settings\Application Data{03102E6B-7DF5-49DC-8BE4-EBA9ECEFB73F}”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{B7082FAA-CB62-4872-9106-E42DD88EDE45}”=“C:\Program Files\McAfee\SiteAdvisor”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{ABDE892B-13A8-4d1b-88E6-365A6E755758}”=“C:\Program Files\Real\RealPlayer\browserrecord”
Malwarebytes’ Anti-Malware 1.31
Database version: 1500
Windows 5.1.2600 Service Pack 3
12/14/2008 12:22:51 PM
mbam-log-2008-12-14 (12-22-51).txt
Scan type: Quick Scan
Objects scanned: 62744
Time elapsed: 10 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 26
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\lanimaye.dll (Trojan.Vundo.H) → Delete on reboot.
c:\WINDOWS\system32\jakejoki.dll (Trojan.Vundo.H) → Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9e917783-4849-44d9-81a7-4a692480b5b3} (Trojan.Vundo.H) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{9e917783-4849-44d9-81a7-4a692480b5b3} (Trojan.Vundo.H) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) → Delete on reboot.
HKEY_CLASSES_ROOT\iebho.bho (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{75e2cd3d-ebe9-4d27-8bd2-5449a900a092} (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib{120c9a20-4c1f-48a2-9bf9-16b30e02e366} (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID{f8a0d89e-875f-41af-83be-6b5780224682} (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{f8a0d89e-875f-41af-83be-6b5780224682} (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44c8d1ca (Trojan.Vundo.H) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wufolejabe (Trojan.Vundo.H) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm47fbe256 (Trojan.Vundo.H) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) → Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) → Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) → Data: c:\windows\system32\jakejoki.dll → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) → Data: system32\jakejoki.dll → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) → Data: c:\windows\system32\berutehe.dll → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) → Data: system32\berutehe.dll → Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Documents and Settings\Kinzer family\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) → Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\lanimaye.dll (Trojan.Vundo.H) → Delete on reboot.
C:\WINDOWS\system32\eyaminal.ini (Trojan.Vundo.H) → Quarantined and deleted successfully.
C:\WINDOWS\system32\vukezezi.dll (Trojan.Vundo.H) → Quarantined and deleted successfully.
C:\WINDOWS\system32\izezekuv.ini (Trojan.Vundo.H) → Quarantined and deleted successfully.
c:\WINDOWS\system32\jakejoki.dll (Trojan.Vundo.H) → Delete on reboot.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) → Quarantined and deleted successfully.
C:\WINDOWS\system32\berutehe.dll (Trojan.Vundo) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) → Quarantined and deleted successfully.
C:\Documents and Settings\Kinzer family\My Documents\My Music\My Music.url (Trojan.Zlob) → Quarantined and deleted successfully.
C:\Documents and Settings\Kinzer family\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) → Quarantined and deleted successfully.
C:\Documents and Settings\Kinzer family\My Documents\My Videos\My Video.url (Trojan.Zlob) → Quarantined and deleted successfully.
C:\Documents and Settings\Kinzer family\My Documents\My Documents.url (Trojan.Zlob) → Quarantined and deleted successfully.
FF is infected
Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
On completion re-run Malwarebytes and post both logs
Martin, what is it in the goored log that indicates the infection, is it the reference to alexa.com ?
Or this one ?
C:\Documents and Settings\Kinzer family\Local Settings\Application Data{7148F0A6-6813-11D6-A77B-00B0D0142030}
Or all those with the clsid style and not an extension name, etc.
{635abd67-4fe9-1b23-4f01-e679fa7484c1} ?
Its the app data one the rest are legit C:\Documents and Settings\Kinzer family\Local Settings\Application Data{7148F0A6-6813-11D6-A77B-00B0D0142030} it is the java one
These are Java used by FF C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Here are the new logs.
GooredFix v1.3 by jpshortstuff
Log created at 12:43 on 14/12/2008 running Option #2
=====Goored Deletions=====
=====List of possible loading points=====
xcci5rcp.default: Extension13=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}
xcci5rcp.default: Extension12=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{C1273352-9340-4d54-A6D7-17DC157EC0B9}
xcci5rcp.default: Extension11=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{c45c406e-ab73-11d8-be73-000a95be3b12}
xcci5rcp.default: Extension10=C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
xcci5rcp.default: Extension9=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions\moveplayer@movenetworks.com
xcci5rcp.default: Extension8=C:\Program Files\McAfee\SiteAdvisor
xcci5rcp.default: Extension7=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
xcci5rcp.default: Extension6=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
xcci5rcp.default: Extension5=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
xcci5rcp.default: Extension4=C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
xcci5rcp.default: Extension3=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{77b819fa-95ad-4f2c-ac7c-486b356188a9}
xcci5rcp.default: Extension2=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{3112ca9c-de6d-4884-a869-9855de68056c}
xcci5rcp.default: Extension1=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
xcci5rcp.default: Extension0=C:\Documents and Settings\Kinzer family\Application Data\Mozilla\Firefox\Profiles\xcci5rcp.default\extensions\toolbar@alexa.com
=====List of possible folders=====
C:\Documents and Settings\Kinzer family\Local Settings\Application Data{7148F0A6-6813-11D6-A77B-00B0D0142030}
=====List of possible registry values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.4\extensions]
“Plugins”=“C:\Program Files\Mozilla Firefox\plugins”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.4\extensions]
“Components”=“C:\Program Files\Mozilla Firefox\components”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{03102E6B-7DF5-49DC-8BE4-EBA9ECEFB73F}”=“C:\Documents and Settings\Kinzer family\Local Settings\Application Data{03102E6B-7DF5-49DC-8BE4-EBA9ECEFB73F}”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{B7082FAA-CB62-4872-9106-E42DD88EDE45}”=“C:\Program Files\McAfee\SiteAdvisor”
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
“{ABDE892B-13A8-4d1b-88E6-365A6E755758}”=“C:\Program Files\Real\RealPlayer\browserrecord”
==============================================================================
Malwarebytes’ Anti-Malware 1.31
Database version: 1500
Windows 5.1.2600 Service Pack 3
12/14/2008 12:53:43 PM
mbam-log-2008-12-14 (12-53-43).txt
Scan type: Quick Scan
Objects scanned: 62466
Time elapsed: 7 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Could you now run for a few hours and then let me know of any problems
I will do so.
Thanks Martin.
No probs David, but the programme checked it out and it was OK ( I am still learning on this one )
Yes, me too, just keeping my eyes open ;D
I had FF up and running for about 4 hours yesterday and not one pop-up! Thank you very much for the help. I didn’t think I would ever get that problem fixed. Nice work!
Good news.
You had the misfortune of being one of the first to get hit with this, so it has been interesting for us too, though not a great experience for you.
Nice to hear I now have a handle on this tool having tried it elswhere and it works a treat
Now the best part of the day ----- Your log now appears clean 
A good workman always cleans up after himself so…Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[]Click Yes to confirm.
[]Click OK.
Please download JavaRa to your desktop and unzip it to its own folder
[*]Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
[*]Accept any prompts.
[*]Open JavaRa.exe again and select Search For Updates.
[*]Select Update Using Sun Java’s Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
[*]Select Start > All Programs > Accessories > System tools > System Restore.
[*]On the dialogue box that appears select Create a Restore Point
[*]Click NEXT
[*]Enter a name e.g. Clean
[*]Click CREATE
You now have a clean restore point, to get rid of the bad ones:
[*]Select Start > All Programs > Accessories > System tools > Disk Cleanup.
[*]In the Drop down box that appears select your main drive e.g. C
[*]Click OK
[*]The System will do some calculation and the display a dialogue box with TABS
[*]Select the More Options Tab.
[*]At the bottom will be a system restore box with a CLEANUP button click this
[*]Accept the Warning and select OK again, the program will close and you are done
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[]SpywareBlaster to help prevent spyware from installing in the first place.
[]SuperAntispyware Run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
[]Secunia Software inspector To check your programme update status
[]Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe 