Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post How to delete qv06 Virus
Go to first new post Unkown program, no file size, called &qu ...
Go to first new post Hijacked links & Scripts running in ...
Go to first new post Internet Explorer
Go to first new post Hijacked links, Malware or something.
Go to first new post Infected with some sort of malware/Troja ...
Go to first new post Many Malware Problems
Go to first new post Windows 7 Not Booting: autochk program n ...
Go to first new post Memory upgrade problems.
Go to first new post Windows 7 problem - white program backgr ...
Go to first new post Old computer running as slow as molasses
Go to first new post Audio has disappeared
Go to first new post MBR PhysicalDrive0 issue
Go to first new post email hacked
Go to first new post Phantom audio ads and popup ads
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: Anomalous activity on computer


(!)

Reply
Page 1 of 3 1 23
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
28-Jun-2012, 03:48 AM #1
Anomalous activity on computer
Hi,

First I'd like to apologize for not attaching any logs. I'm not sure if my problem is a legitimate concern, and I was hoping to get an initial opinion before downloading any programs or posting any logs (I'm a bit paranoid about posting these logs online, is there any information in them that would compromise my computer's security?).

Lately I've been noticing some unusual behaviour from my computer, the strangest of which happened a few days ago. I found that whenever I would leave my computer idle, when I returned it would ask me for a username and password, something it had never done previously. The username was already provided but the password field was blank. I tried a few routine passwords I use but was eventually able to get passed the screen by just leaving the password field blank and pressing okay. In addition to this, my computer now immediately logs into my profile when I start up my computer, rather than asking me to select it (there's only one profile). The day before these two changes happened I downloaded two video editing related programs (fraps and handbrake) that seemed legitimate, and I think during the installation of handbrake I was forced to download .net framework 4 (I think I previously had 2.5?). I also ran a disk error checking which I hadn't done for a while.

Another anomalous behaviour I've noticed over the past little while is that my virus scan, avg, always reports that my last scan was "not yet scanned", despite that I scan pretty regularly.

Is any of this cause for concern?

I'm running windows xp.
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
30-Jun-2012, 06:41 PM #2
Has anyone had a chance to look at this?
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
03-Jul-2012, 08:48 PM #3
I hate to keep bumping this, but I really could use some help. There are a number of things I want to do on my computer but am choosing not to for fear of my information getting out. Have I not received a reply because I haven't posted the logs? If so, please let me know (ideally along with a reassurance that there's no danger associated with posting them). Thanks.
Mark1956's Avatar
Malware Removal Specialist with 8,820 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Jul-2012, 08:01 PM #4
Hi Qwelps, and welcome to TSG, my name is Mark and I will be helping you.

Sorry for the delay but there simply are not enough volunteer helpers to cope with the demand.

First I must assure you that none of the logs we ask for will contain anything that can be used to compromise your systems security.

Please follow these instructions and post both the logs.

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Double click on the Malwarebytes icon on your desktop to launch the program
  • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.
NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

STEP 2
We need to see some additional information about what is happening in your machine.
Please download DDS by sUBs from one of the following links and save it to your desktop.`

DDS is a specialized tool that produces a Psuedo HijackThis Report (a scaled down and simplified version of 'HJT lines') that provides the same + more information in a condensed format.NOTE If your Anti Virus attempts to block the download please disable it following the instructions at the end of this guide.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs.
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instruction here asks you to attach the Attach.txt.
  • Instead of attaching, please copy & paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
07-Jul-2012, 11:59 AM #5
Hi Mark, thanks for the assistance.

A couple comments about the Malwarebytes process. First, I did not follow the bleepingcomputer.com instructions exactly, as they conflicted with the ones you provided. I did a quick scan as you instructed rather than the full scan instructed on bleepingcomputer.

Second, I did not understand this part of your instructions: "Don't forget to check for database definition updates through the program's interface (preferable method) before scanning".

Third, when updating malwarebytes, I buttoned through the update complete message a bit quickly. I'm fairly certain it said the update was successful, but is there any way to check if I have the most current version?

Here is the malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: N-0A44DCE9BF284 [administrator]

7/7/2012 11:30:59 AM
mbam-log-2012-07-07 (11-30-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207100
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






And here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by User at 11:44:41 on 2012-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2339 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283207975484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283208673890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AC0BA0AC-EF91-4E31-B148-8AF8BEA9FF9A} : DhcpNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\fkkrrxqw.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-07 15:28:26 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-07-07 15:28:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 15:28:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-07 15:28:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-26 07:46:53 -------- d-----w- c:\documents and settings\user\application data\HandBrake
2012-06-26 07:38:20 -------- d-----w- c:\program files\Handbrake
2012-06-26 00:38:37 -------- d-----w- c:\documents and settings\user\local settings\application data\WMTools Downloaded Files
2012-06-25 00:46:03 -------- d-----w- c:\documents and settings\user\.stencylworks
2012-06-23 07:14:04 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-16 18:54:01 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-16 18:54:00 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-11 18:17:42 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
==================== Find3M ====================
.
2012-06-23 07:14:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 07:14:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 11:45:15.76 ===============







And here's the attach file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/28/2010 6:17:50 PM
System Uptime: 7/7/2012 10:20:46 AM (1 hours ago)
.
Motherboard: Intel Corporation | | D945GTP
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | | 3399/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 152.637 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_EHSCHED\SYSTEM
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_EHSCHED\SYSTEM
Service:
.
==== System Restore Points ===================
.
RP612: 4/7/2012 5:28:03 PM - System Checkpoint
RP613: 4/8/2012 6:11:55 PM - System Checkpoint
RP614: 4/10/2012 2:11:11 PM - System Checkpoint
RP615: 4/11/2012 3:00:14 AM - Software Distribution Service 3.0
RP616: 4/12/2012 6:26:43 PM - System Checkpoint
RP617: 4/13/2012 10:04:21 PM - System Checkpoint
RP618: 4/14/2012 10:35:07 PM - System Checkpoint
RP619: 4/16/2012 12:19:38 AM - System Checkpoint
RP620: 4/17/2012 2:21:47 AM - System Checkpoint
RP621: 4/18/2012 6:24:20 AM - System Checkpoint
RP622: 4/19/2012 1:15:16 PM - System Checkpoint
RP623: 4/20/2012 6:48:50 PM - System Checkpoint
RP624: 4/22/2012 12:46:02 AM - System Checkpoint
RP625: 4/23/2012 8:21:46 AM - System Checkpoint
RP626: 4/24/2012 9:17:20 AM - System Checkpoint
RP627: 4/25/2012 4:13:10 PM - System Checkpoint
RP628: 4/27/2012 4:20:37 AM - System Checkpoint
RP629: 4/28/2012 8:47:25 AM - System Checkpoint
RP630: 4/29/2012 11:49:05 AM - System Checkpoint
RP631: 4/30/2012 2:22:52 PM - System Checkpoint
RP632: 5/1/2012 2:47:26 PM - System Checkpoint
RP633: 5/2/2012 3:43:49 PM - System Checkpoint
RP634: 5/3/2012 4:21:00 PM - System Checkpoint
RP635: 5/4/2012 5:00:28 PM - System Checkpoint
RP636: 5/5/2012 5:05:12 PM - System Checkpoint
RP637: 5/6/2012 5:07:58 PM - System Checkpoint
RP638: 5/7/2012 5:12:41 PM - System Checkpoint
RP639: 5/8/2012 5:56:15 PM - System Checkpoint
RP640: 5/9/2012 6:50:45 PM - System Checkpoint
RP641: 5/10/2012 7:53:54 PM - System Checkpoint
RP642: 5/11/2012 3:00:18 AM - Software Distribution Service 3.0
RP643: 5/12/2012 1:09:10 PM - System Checkpoint
RP644: 5/14/2012 3:32:27 AM - System Checkpoint
RP645: 5/15/2012 5:44:30 AM - System Checkpoint
RP646: 5/16/2012 3:24:02 PM - System Checkpoint
RP647: 5/17/2012 3:37:50 PM - System Checkpoint
RP648: 5/18/2012 3:42:13 PM - System Checkpoint
RP649: 5/19/2012 4:36:23 PM - System Checkpoint
RP650: 5/20/2012 5:15:05 PM - System Checkpoint
RP651: 5/21/2012 5:15:48 PM - System Checkpoint
RP652: 5/22/2012 4:35:52 AM - Software Distribution Service 3.0
RP653: 5/22/2012 4:56:01 AM - Software Distribution Service 3.0
RP654: 5/22/2012 5:43:10 AM - Software Distribution Service 3.0
RP655: 5/22/2012 7:40:14 AM - Software Distribution Service 3.0
RP656: 5/23/2012 9:49:08 AM - System Checkpoint
RP657: 5/24/2012 10:13:52 AM - System Checkpoint
RP658: 5/25/2012 3:29:40 PM - System Checkpoint
RP659: 5/26/2012 3:57:10 PM - System Checkpoint
RP660: 5/27/2012 4:46:00 PM - System Checkpoint
RP661: 5/28/2012 7:40:12 PM - System Checkpoint
RP662: 5/29/2012 7:58:12 PM - System Checkpoint
RP663: 5/30/2012 9:05:04 PM - System Checkpoint
RP664: 6/1/2012 5:02:55 AM - System Checkpoint
RP665: 6/2/2012 5:23:04 AM - System Checkpoint
RP666: 6/3/2012 3:45:49 PM - System Checkpoint
RP667: 6/4/2012 5:47:07 PM - System Checkpoint
RP668: 6/4/2012 11:51:48 PM - Software Distribution Service 3.0
RP669: 6/6/2012 5:08:13 AM - System Checkpoint
RP670: 6/7/2012 5:42:09 AM - System Checkpoint
RP671: 6/8/2012 5:44:21 AM - System Checkpoint
RP672: 6/9/2012 9:17:28 AM - System Checkpoint
RP673: 6/10/2012 6:28:48 PM - System Checkpoint
RP674: 6/12/2012 8:00:36 AM - System Checkpoint
RP675: 6/13/2012 3:00:14 AM - Software Distribution Service 3.0
RP676: 6/14/2012 3:04:44 AM - System Checkpoint
RP677: 6/15/2012 3:58:16 AM - System Checkpoint
RP678: 6/16/2012 4:18:28 AM - System Checkpoint
RP679: 6/17/2012 6:48:56 PM - System Checkpoint
RP680: 6/19/2012 1:09:52 AM - System Checkpoint
RP681: 6/20/2012 10:49:31 AM - System Checkpoint
RP682: 6/21/2012 11:12:40 AM - System Checkpoint
RP683: 6/22/2012 1:00:37 PM - System Checkpoint
RP684: 6/23/2012 1:48:05 PM - System Checkpoint
RP685: 6/24/2012 2:46:52 PM - System Checkpoint
RP686: 6/25/2012 3:11:40 PM - System Checkpoint
RP687: 6/26/2012 4:06:07 PM - System Checkpoint
RP688: 6/26/2012 5:23:58 PM - Software Distribution Service 3.0
RP689: 6/27/2012 7:10:15 PM - System Checkpoint
RP690: 6/29/2012 5:10:20 AM - System Checkpoint
RP691: 6/30/2012 1:08:21 PM - System Checkpoint
RP692: 7/1/2012 1:08:48 PM - System Checkpoint
RP693: 7/2/2012 6:44:23 PM - System Checkpoint
RP694: 7/3/2012 6:51:16 PM - System Checkpoint
RP695: 7/4/2012 7:00:02 PM - System Checkpoint
RP696: 7/5/2012 7:05:16 PM - System Checkpoint
RP697: 7/7/2012 12:12:44 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
AIM 7
Another World 15th Anniversary Edition
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AVG 2012
AVG PC Tuneup 2011
CamStudio
CamStudio Lossless Codec v1.4
Canon MP150
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Commander Keen Complete Pack
Compatibility Pack for the 2007 Office system
Construct 2 r69
Crusader No Remorse
Descent and Descent 2
DivX Setup
Download Updater (AOL LLC)
Final DOOM
Fraps
G*Power 3.1.2
GameMaker 8.1
Giants – Citizen Kabuto
Half-Life
HandBrake 0.9.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
IBM SPSS Statistics 19
IDT Audio
Intel(R) Network Connections 15.3.68.0
Java Auto Updater
Java(TM) 6 Update 31
LAME v3.98.3 for Audacity
Little Big Adventure
Magic Carpet
Malwarebytes Anti-Malware version 1.61.0.1400
Master Levels for DOOM II
MDK
Megarace
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MTX
OpenAL
Osmos
Planescape Torment
QuickTime
Rayman 2
Rayman 2: The Great Escape GOG Edition
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923789)
Segoe UI
Serious Sam The First Encounter
Serious Sam The Second Encounter
Skins
Steam
Stencyl
Syndicate
The Ultimate DOOM
The You Testament
Treasure Adventure Game
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
VVVVVV Demo
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
.
==== End Of File ===========================
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
07-Jul-2012, 12:39 PM #6
Oh, also for malwarebytes, the last steps were different. I don't remember seeing any results, though I don't think I looked since I believe a message popped up saying nothing was found. Should I scan again and look for the "show results" button?

I also had a few programs open while dds was running (just things relating to this), so I hope that's not a problem.
Last edited by qwelps; 07-Jul-2012 at 12:44 PM..
Mark1956's Avatar
Malware Removal Specialist with 8,820 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
07-Jul-2012, 01:03 PM #7
Nothing of any significance is showing up in the logs. Please follow the instructions below and post the log from Security Check, Eset will only produce a log if it finds anything, be aware the Eset scan can take several hours to complete.

The instructions for Malwarebytes need updating, thanks for pointing that out. It automatically checks for updates when you launch it, older versions didn't. The database I just checked is on 12.07.07.06 so you may have just missed a new update. Not to worry though, Eset is likely to find anything that Malwarebytes may have missed.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
Mark1956's Avatar
Malware Removal Specialist with 8,820 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
07-Jul-2012, 01:26 PM #8
Please always make a new post if you wish to add further information as I only get notified when a new post is added and may miss something of importance that you may have added.

As the scan came up clean there is nothing to worry about. Usually you would need to click on the Show Results button to display the log for copying into your posts here. As for DDS, no problem there either.
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
08-Jul-2012, 02:54 AM #9
Here is the security check file. I had some trouble downloading it, the first time I tried to save it to my desktop it said there was an error. The second time it downloaded correctly. I will now start the eset scan.


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
AVG PC Tuneup 2011
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
08-Jul-2012, 03:00 AM #10
I am running AVG 2012, there are no instructions on the link provided on how to disable that specific version.

I can right click on the AVG icon at the bottom right of my screen and check an option "Temporarily disable AVG protection". Should I just do that, or is there a particular thing that needs to be done?
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
08-Jul-2012, 03:00 AM #11
Also, is the virus scan the only thing that needs to be disabled?
Mark1956's Avatar
Malware Removal Specialist with 8,820 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
08-Jul-2012, 08:51 AM #12
Quote:
I can right click on the AVG icon at the bottom right of my screen and check an option "Temporarily disable AVG protection". Should I just do that, or is there a particular thing that needs to be done?
That will do the job.
Quote:
Also, is the virus scan the only thing that needs to be disabled?
Yes.
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
09-Jul-2012, 01:37 AM #13
Did the Eset scan. A couple of comments. First, at the start (along with the option to remove found threats) I think there was an option to scan archives or something. I left this unchecked. Was this the correct thing to do? Second, when the scan was going it jumped from 49% completion directly to 99%.

Here are the results

C:\Documents and Settings\User\Desktop\Unused\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application
Mark1956's Avatar
Malware Removal Specialist with 8,820 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
09-Jul-2012, 02:06 AM #14
It's looking like your system is clean of any infections. The jump on the Eset scan completion monitor is normal. The setting to check Archives was not required.

Just to be sure we had better check the file that was detected.

Go to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

C:\Documents and Settings\User\Desktop\Unused\MsgPlusLive-485.exe <- this file

Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
-- Post back with the results of the file analysis in your next reply.

___________________________________________________________________

Internet Explorer
Your Internet Explorer is out of date, the latest version for XP has a better level of security which helps to stop malicious software from reaching your PC.
Internet Explorer 8 for Windows XP

____________________________________________________________________

Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader

NOTE: For XP click on > Control Panel, double-click on Add or Remove Programs and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for Adobe Reader as indicated.

You will now see a page similar to this one:

All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.
As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.
Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

__________________________________________________________________

Java
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for Java Platform, Standard Edition.
  • Click the Download JRE button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select the Windows(x86) Offline version.
  • NOTE: A 64bit version is available for use with 64bit browsers running on a 64bit version of Window's, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?
  • Close any programs you may have running - especially your web browser.
Click on or > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java, JRE or J2SE in the name.
  • Click the Uninstall, Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. When an update is installed always make sure the previous version is uninstalled.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
qwelps's Avatar
Computer Specs
Member with 23 posts.
THREAD STARTER
  
Join Date: Jun 2012
Experience: Beginner
12-Jul-2012, 06:24 AM #15
Here is the link to the scan of the file:

http://virusscan.jotti.org/en/scanre...52bdefe33ff621

Clam AV found: PUA.Win32.Packer.CreativeAudioFi

and Eset found: Win32/MessengerPlus

I'll do the updates now. I don't use internet explorer though, do I still have to update it?
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 3 1 23
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 09:26 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

VigLink badge
Trusted Website Back to the Top ↑