
Help! Security Tool has taken over my laptop!!

Discussion in 'Virus & Other Malware Removal' started by sugarjunkie2979, Dec 14, 2010.

Thread Status:
Not open for further replies.
  1. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    I am using my iPhone to post this and have been searching for a solution to remove this program for about six hours now. Windows XP, and my laptop is an Acer. I don't use any P2P or Pirate Bay or anything. I was doing a Google search for cakes when I noticed my Spybot disappear and two new icons appeared and all these pop-ups for this fake Security Tool 2.20 showed up...???
    So I can't open Task Manager using Ctrl-Alt-Del or through Start, Run, taskmgr
    Cannot start up in safe mode (F8 repeatedly but nothing happens...?)
    Cannot download anything from the Internet (blocked by the Security Tool)
    Did a search of files and folders, deleted 2 entries for Security Tool, emptied the recycle bin and deleted it through Add/Remove Programs as well and restarted; did not work
    Cannot use Start, Run for any searches; cannot open regedit
    Deleted temporary Internet files and can browse the Internet as usual (did not type in any passwords etc., only searched for help on removing this program)
    I have an external hard drive; my files are all backed up on there
    What can I do??? I need my laptop working. Can anyone help me get my laptop running again and get rid of this?
    thanks in advance!
     
  2. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Just wondering, is there another way to open Task Manager? Or any downloadable program that this virus will allow me to download? The pop-ups are unbelievable from this thing! Forgot to mention that I have Spybot and it didn't stop this thing from taking over my laptop and I am unable to open it....
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    Hello sugarjunkie2979,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
    • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
    • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

    Please proceed as follows :-

    Re-boot into Safemode with Networking:

    Re-boot system, continuously tap the F8 key until you see the Windows Advanced Menu, from the available options select Safemode with Networking

    Next,

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    Re-boot into Normal mode and re-run Malwarebytes as above. Post both logs in your reply

    Kevin
     
  4. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Thanks so much Kevin!
    It took a few tries but I got it into safemode and downloaded malwarebytes and it is scanning now 22 objects infected and it's only been running 2 min! I am shocked by that! Our whole family uses this laptop but that seems like a lot! Anyways thanks again will post logs when it is complete.
    Jaclyn
     
  5. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Here are the completed logs
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org
    Database version: 5322
    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18372
    15/12/2010 1:17:49 PM
    mbam-log-2010-12-15 (13-17-49).txt
    Scan type: Quick scan
    Objects scanned: 149918
    Time elapsed: 7 minute(s), 14 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 6
    Files Infected: 13
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5265733-588B-46C8-8921-65AAB76EBE99} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dLkPh05600 (Rogue.SystemTool) -> Value: dLkPh05600 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.37.0 (Adware.Zango) -> Value: Zango 10.3.37.0 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\82066123 (Trojan.SCTool.Gen) -> Value: 82066123 -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    c:\documents and settings\all users\application data\salesmonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\salesmonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\systemerrorfixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\systemerrorfixer\Data (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\application data\systemerrorfixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\application data\systemerrorfixer\Logs (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    Files Infected:
    c:\documents and settings\all users\application data\dlkph05600\dlkph05600.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\application data\microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\application data\microsoft\Windows\shell.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\local settings\Temp\0.0437447482825718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\local settings\Temp\0.06702917333176561.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\local settings\Temp\dwm.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\systemerrorfixer\Data\ac (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\systemerrorfixer\Data\em (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\systemerrorfixer\Data\oid (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\systemerrorfixer\Data\user (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    c:\documents and settings\Joann\application data\systemerrorfixer\Logs\update.log (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org
    Database version: 5322
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18372
    15/12/2010 1:30:05 PM
    mbam-log-2010-12-15 (13-30-05).txt
    Scan type: Quick scan
    Objects scanned: 150430
    Time elapsed: 8 minute(s), 58 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
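
One way to triage the first Malwarebytes log above offline, as an added example that is not part of the original thread and not Malwarebytes' own tooling: it parses the detection lines, counts them by detection name, and flags Run/RunOnce autorun values, the autoruns that share a name with a detected file, and executables named like Windows system processes outside the Windows directory. The sample lines are copied from the log above; the function names, the `SYSTEM_NAMES` list and the `C:\WINDOWS` location are assumptions made for this illustration.

```python
import ntpath
import re
from collections import Counter, namedtuple

# Subset of lines copied from the first Malwarebytes log posted above.
SAMPLE_LOG = r"""
Registry Values Infected: 3
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dLkPh05600 (Rogue.SystemTool) -> Value: dLkPh05600 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\82066123 (Trojan.SCTool.Gen) -> Value: 82066123 -> Quarantined and deleted successfully.
Folders Infected:
c:\documents and settings\all users\application data\systemerrorfixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\all users\application data\dlkph05600\dlkph05600.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\documents and settings\Joann\application data\microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Joann\local settings\Temp\dwm.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
Memory Processes Infected:
(No malicious items detected)
"""

Detection = namedtuple("Detection", "section obj name action")

# "Files Infected:" opens a section; "Files Infected: 13" is a summary count.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<object> (<detection name>) -> [Value: x -> ]<action>."
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Assumption: a short list of Windows process names that malware commonly borrows.
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "csrss.exe"}
# Assumption: %SystemRoot% is C:\WINDOWS, as the OTL log in this thread reports.
SYSTEM_ROOT = "c:\\windows\\"


def parse_mbam_log(text):
    """Return one Detection per detection line, tagged with its log section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            # The action is always the last " -> " segment of the line.
            action = entry.group("rest").split(" -> ")[-1].rstrip(".")
            found.append(Detection(section, entry.group("obj"),
                                   entry.group("name"), action))
    return found


def triage(detections):
    """Summarise detections and pull out the items worth a second look."""
    files = [d for d in detections if d.section == "Files"]
    autoruns = [d for d in detections
                if d.section.startswith("Registry") and AUTORUN_RE.search(d.obj)]
    # File stems (name without extension) of every detected file.
    stems = {ntpath.splitext(ntpath.basename(d.obj))[0].lower() for d in files}
    return {
        "families": Counter(d.name for d in detections),
        "autoruns": autoruns,
        # Autorun value names that match a detected file: launcher and payload.
        "linked": [ntpath.basename(d.obj) for d in autoruns
                   if ntpath.basename(d.obj).lower() in stems],
        # System-process names living outside the Windows directory.
        "masquerading": [d.obj for d in files
                         if ntpath.basename(d.obj).lower() in SYSTEM_NAMES
                         and not d.obj.lower().startswith(SYSTEM_ROOT)],
        # Anything not confirmed removed needs the follow-up reboot and rescan.
        "not_removed": [d for d in detections
                        if "successfully" not in d.action.lower()],
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for name, count in report["families"].most_common():
        print(f"{count:3d}  {name}")
    print("autorun values:", [d.obj for d in report["autoruns"]])
    print("autoruns linked to a detected file:", report["linked"])
    print("system-name masquerades:", report["masquerading"])
    print("not confirmed removed:", len(report["not_removed"]))
```

An empty `not_removed` list together with a clean second scan, as in the second log above, is what confirms the quarantine took effect.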
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    Hiya Jaclyn,

    Yep, Malwarebytes has done a good job for us. OK, let's have a deeper look and see if anything is lurking. As follows please:

    Step 1

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 2

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply
    Copy and paste OTL Txt and ExtrasTxt in your reply.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like in your reply :-

    • OTL Txt
    • Extras Txt
    • Log from Security Checks
    • System update, any specific issues or concerns

    Kevin
     
  7. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Ok here are the first set of logs

    OTL logfile created on: 18/12/2010 10:46:04 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joann\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18372)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    502.00 Mb Total Physical Memory | 213.00 Mb Available Physical Memory | 42.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 28.32 Gb Total Space | 3.37 Gb Free Space | 11.90% Space Free | Partition Type: NTFS
    Drive D: | 27.56 Gb Total Space | 27.30 Gb Free Space | 99.05% Space Free | Partition Type: NTFS
    Drive E: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JOANN-08B4D292C | User Name: Joann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/18 22:41:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joann\Desktop\OTL.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2008/11/24 22:38:42 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/05/23 07:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/18 22:41:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joann\Desktop\OTL.exe
    MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/05/23 07:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
    SRV - [2008/05/23 07:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/07/25 14:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)
    SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Wbutton.sys -- (Wbutton)
    DRV - [2007/05/20 11:02:56 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
    DRV - [2007/05/20 11:02:56 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM)
    DRV - [2007/05/20 11:02:56 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex)
    DRV - [2007/05/20 11:02:55 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
    DRV - [2007/05/20 11:02:55 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
    DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2006/12/03 23:30:22 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
    DRV - [2006/03/16 15:13:13 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2005/04/19 09:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
    DRV - [2005/02/04 09:59:46 | 000,193,216 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
    DRV - [2005/01/10 02:47:14 | 000,449,888 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2004/12/15 14:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/12/15 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/15 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
    DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/04/28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
    DRV - [2000/12/19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY)


    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/03/16 13:36:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/09/10 19:08:44 | 000,000,210 | -HS- | M] () -- C:\boot.ini
    [2006/03/18 01:25:27 | 000,000,484 | ---- | M] () -- C:\CDFE.log
    [2006/03/16 13:36:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/14 20:18:37 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2010/12/18 22:39:42 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
    [2007/04/17 11:28:54 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
    [2007/04/17 11:28:53 | 000,003,248 | ---- | M] () -- C:\hpfr3425.log
    [2006/03/16 13:36:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/07/25 11:02:37 | 000,000,006 | ---- | M] () -- C:\ISACER.ID
    [2009/10/17 12:23:19 | 000,000,140 | ---- | M] () -- C:\KEError log 10-17-2009 (11h34m53s).txt
    [2008/05/17 10:31:06 | 000,006,610 | ---- | M] () -- C:\logfile
    [2010/08/13 06:51:10 | 000,008,054 | ---- | M] () -- C:\lxcg.log
    [2006/03/16 22:04:29 | 000,000,000 | ---- | M] () -- C:\lxcgfire.000
    [2006/03/18 01:25:22 | 000,000,000 | ---- | M] () -- C:\lxcgfire.csv
    [2006/03/16 22:05:09 | 000,000,867 | ---- | M] () -- C:\LXCGINST.000
    [2006/03/18 01:25:59 | 000,000,867 | ---- | M] () -- C:\LXCGINST.csv
    [2010/12/15 17:07:03 | 007,552,477 | ---- | M] () -- C:\lxcgscan.log
    [2006/03/16 22:05:55 | 000,091,428 | ---- | M] () -- C:\lxcgunst.000
    [2007/04/23 15:40:00 | 000,277,211 | ---- | M] () -- C:\lxcgunst.001
    [2008/04/09 11:53:03 | 000,351,137 | ---- | M] () -- C:\lxcgunst.002
    [2008/04/09 11:54:02 | 000,351,137 | ---- | M] () -- C:\lxcgunst.003
    [2008/04/09 11:55:46 | 000,351,137 | ---- | M] () -- C:\lxcgUNST.004
    [2008/11/10 13:48:09 | 000,359,129 | ---- | M] () -- C:\lxcgUNST.005
    [2008/11/10 13:48:17 | 000,359,129 | ---- | M] () -- C:\lxcgUNST.006
    [2008/11/10 13:48:46 | 000,359,129 | ---- | M] () -- C:\lxcgUNST.007
    [2008/11/10 13:48:53 | 000,359,129 | ---- | M] () -- C:\lxcgUNST.008
    [2008/11/10 13:49:14 | 000,359,129 | ---- | M] () -- C:\lxcgUNST.009
    [2009/02/02 20:13:39 | 000,363,458 | ---- | M] () -- C:\lxcgUNST.010
    [2009/02/02 20:13:48 | 000,363,458 | ---- | M] () -- C:\lxcgUNST.011
    [2009/02/02 20:14:02 | 000,363,458 | ---- | M] () -- C:\lxcgUNST.012
    [2009/02/02 20:29:02 | 000,363,458 | ---- | M] () -- C:\lxcgUNST.csv
    [2006/03/16 13:36:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/12/18 22:39:40 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2006/03/28 16:25:37 | 000,000,322 | ---- | M] () -- C:\sorrySave.0
    [2006/03/29 10:12:56 | 000,000,322 | ---- | M] () -- C:\sorrySave.1
    [2007/09/16 23:00:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/09/16 23:13:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/09/17 00:17:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/09/17 00:43:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2007/09/17 02:54:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2007/09/17 03:01:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2007/09/17 10:54:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2007/09/17 10:54:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2007/09/18 10:40:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/02/09 14:40:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/02/13 07:37:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/05/04 16:37:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/05/04 21:36:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/05/19 21:33:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008/06/03 21:34:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008/06/18 20:23:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/07/04 18:42:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2007/09/16 23:00:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/09/16 23:13:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/09/17 00:17:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/09/17 00:43:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2007/09/17 02:54:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2007/09/17 03:01:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2007/09/17 10:54:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2007/09/17 10:54:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2007/09/18 10:40:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/02/09 14:40:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/02/13 07:37:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/05/04 16:37:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/05/04 21:36:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008/05/19 21:33:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008/06/03 21:34:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008/06/18 20:23:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008/07/04 18:42:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/11/17 21:43:15 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
    [2008/04/06 18:08:31 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/03/16 08:21:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/03/16 08:21:32 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/03/16 08:21:32 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-09-13 07:07:47
    < End of report >
     
  8. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Next log,

    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player 9.0.124.0
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````



    Today a blue screen popped up. I was not even using my laptop, it was just sitting open, and the blue screen... I can't remember all of what it said but the alarming part was where it said beginning dump of physical memory???
    Does that mean the virus is still lurking?
    Thanks again for all your help!!!
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    Hello sugarjunkie2979,

    You have not had a Windows update since Sept 2008, any reason for that? You have not updated to Service Pack 3 (SP3). Your Adobe Reader and Flash Player are not current; Java is similar. I don't see any dedicated antivirus program and Windows Firewall is OFF...

    To enable Windows Firewall, follow these steps:

    1. Click Start, click Run, type Firewall.cpl and then click OK.
    2. On the General tab, click On (recommended).
    3. Click OK.

    A blue screen of death can happen for many reasons. It may happen once and never again, or it may continue to happen:

    1. Hardware Malfunction
    2. Software Malfunction
    3. Drivers are conflicting with software
    4. Drivers Corrupt
    5. Missing or corrupt windows files
    6. Malware

    Run the following scans and post the logs in your reply:

    Step 1

    Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.
    Next, Right click on "My Computer" and select "Properties" select "Advanced Tab." From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".
    Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.

    Step 2

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Post the logs from Blue screen viewer and MGA in your reply.

    Kevin
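The findings in the reply above come from two logs posted earlier in the thread. As an added example (not part of any post, and not code from Security Check or OTL), this Python sketch pulls the same facts out of log lines copied from the thread; the function names and the `Disabled!` wording are assumptions, and the reference date is the thread's start date.

```python
import re
from datetime import date, datetime

# Constructed sample: a subset of lines copied from the Security Check log in this thread.
SECURITY_CHECK_LOG = """\
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
Antivirus/Firewall Check:
Windows Firewall Enabled!
Anti-malware/Other Utilities Check:
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 9.0.124.0
Adobe Reader 7.0.5
Out of date Adobe Reader installed!
"""
# Constructed sample: the LastSuccessTime line from the OTL report in this thread.
OTL_LINE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-09-13 07:07:47")

def outdated_items(log):
    """Pair each 'Out of date ...' warning with the product line printed just above it."""
    findings, previous = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line or line.endswith(":"):
            continue  # skip blank lines and section headers
        if line.lower().startswith("out of date"):
            findings.append((previous, line.rstrip("!")))
        else:
            previous = line
    return findings

def firewall_enabled(log):
    """True/False as the log reports it; None when no firewall line is present.
    The 'Disabled!' wording is an assumption; only 'Enabled!' appears on this page."""
    m = re.search(r"Windows Firewall (Enabled|Disabled)!", log)
    return None if m is None else m.group(1) == "Enabled"

def days_since_last_update(otl_line, as_of):
    """Whole days between the last successful Windows Update install and as_of."""
    m = re.search(r"LastSuccessTime:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", otl_line)
    if m is None:
        return None
    return (as_of - datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").date()).days

if __name__ == "__main__":
    print(outdated_items(SECURITY_CHECK_LOG), firewall_enabled(SECURITY_CHECK_LOG))
    print(days_since_last_update(OTL_LINE, date(2010, 12, 14)), "days since last update")
```

Security Check prints one warning per product family, so a product without its own warning line, such as Flash Player here, still needs its version checked by hand.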
     
  10. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Thank you, I will do all that, but just wondering what do you mean by windows update? I am not all that knowledgeable about computers and greatly appreciate your help :) Also does that mean I should update the adobe java and flash player too? Where do I find these updates? Thanks
     
  11. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Also what is service pack 3?
    Thanks
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    Microsoft releases updates on the second Tuesday of every month; these are security and enhancement related. Windows XP Service Pack 3 (SP3) is the final Windows XP service pack, a collection of previously-released fixes and product enhancements, as well as a few new features that are unique to this release.
    Without all current Service packs and updates your system is vulnerable to infection. The same goes for any Utility or Security application; updates are released to try and stay one step ahead of malware writers. I'll give you links to Java and Adobe later.
    I need to see the results of the scans I've asked you to complete.

    Kevin
     
  13. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-48673-P3F7M-Q3B8M
    Windows Product Key Hash: G1xEtP84iYGqB6D4khOu+/tPVlE=
    Windows Product ID: 76477-OEM-2168236-09388
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {7A29E2AA-7ED1-4E82-8B31-227AE9DEDB4A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.17.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A
    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.7.17.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Word 2002 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7A29E2AA-7ED1-4E82-8B31-227AE9DEDB4A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Q3B8M</PKey><PID>76477-OEM-2168236-09388</PID><PIDType>3</PIDType><SID>S-1-5-21-823518204-884357618-839522115</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 3610</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.07 </Version><SMBIOSVersion major="2" minor="31"/><Date>20050926000000.000000+000</Date></BIOS><HWID>4A7C3407018400D2</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{911B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>9CF5E85BB9ACDFA</Val><Hash>1Ggu41R2+mA+9tA2HepOcmjwtV0=</Hash><Pid>54189-OEM-1650002-00509</Pid><PidType>16</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>
    Licensing Data-->
    N/A
    Windows Activation Technologies-->
    N/A
    HWID Data-->
    N/A
    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 178A0:Acer Incorporated
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
    OEM Activation 2.0 Data-->
    N/A
    ==================================================
    Dump File : Mini121410-02.dmp
    Crash Time : 14/12/2010 8:19:29 PM
    Bug Check String : CRITICAL_OBJECT_TERMINATION
    Bug Check Code : 0x000000f4
    Parameter 1 : 0x00000003
    Parameter 2 : 0x82c03748
    Parameter 3 : 0x82c038bc
    Parameter 4 : 0x805c773e
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+21aef
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini121410-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    ==================================================
    I can't locate the results of the other MGA diagnostic. I can't find where the clipboard is? I did a search online and it said in system 32 folder but I don't have one??
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,157
    Hiya jaclyn,

    Proceed as follows please :-

    Step 1

    • Re-open [​IMG] to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
    • Click on the [​IMG] button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Step 2

    Uninstall the following from Add/Remove Programs via Start > Control Panel :-

    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 5
    Adobe Flash Player 9.0.124.0
    Adobe Reader 7.0.5


    Step 3

    You were using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Step 4

    Go Here and get the SP3 installer, save it to your Desktop. Next, re-boot into safe mode and run the SP3 installer, once installed re-boot into Normal mode and check for updates. Keep re-booting and checking for updates until there are none left.

    Step 5

    Go Here and download Microsoft Security Essentials, once installed it will want to update and do a quick scan; allow that to happen. Let me know if it finds anything.

    Post back when the above steps are completed, also tell me if you have any issues or concerns. There will be a few more steps for you to complete after this...

    Kevin
     
  15. sugarjunkie2979

    sugarjunkie2979 Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    15
    All steps completed except how do I check for windows updates??
    Also my laptop is painfully slow now is there something I need to do to get it back to regular speed? Thanks again!
     

Short URL to this thread: https://techguy.org/968532