
win32/etap citrix


  • This topic is locked
13 replies to this topic

#1 SysFix

SysFix

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 11 March 2013 - 12:20 PM

I installed Citrix online software and now my AVG shows that it contains the virus win32/Etap. Here is my dds.txt file:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Owner at 12:04:42 on 2013-03-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.680 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Verbatim\MediaShare Desktop Applications\HipServAgent\HipServAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [Panasonic Device Manager for Multi-Function Station software] c:\program files\panasonic\mfstation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] c:\program files\panasonic\mfstation\KmPcFax.exe -1
mRun: [Panasonic IP Address Checker for Multi-Function Station software] c:\program files\panasonic\mfstation\PccChgIP.exe -s10
mRun: [Panasonic LPD Manager] c:\program files\panasonic\mfstation\PCMFSMLM.exe
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [HipServ Agent] c:\program files\verbatim\mediashare desktop applications\hipservagent\HipServAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255562076359
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{6E1D2374-2511-4AD0-8A19-310BCD959E85} : DHCPNameServer = 68.94.156.1 68.94.157.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\8gkxx245.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?.rand=1074355059370&.o=&.l=dik5h8d/o
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\8gkxx245.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: !HIDDEN! 2011-07-03 12:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-11-2 56208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-14 108552]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 33112]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 SASDIFSV;SASDIFSV;c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-12 67664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-14 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-14 297752]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\panaso~1\localcom\lmsrvnt.exe [2009-10-19 36864]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-2-25 401920]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-2 8456]
S3 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
.
=============== Created Last 30 ================
.
2013-03-08 20:51:45    60032    -c--a-w-    c:\windows\system32\dllcache\usbaudio.sys
2013-03-08 20:51:45    60032    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-03-08 15:33:46    --------    d-----w-    c:\documents and settings\all users\application data\Citrix
2013-03-08 15:33:09    --------    d-----w-    c:\documents and settings\owner\application data\ICAClient
2013-03-08 15:04:21    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-08 15:04:12    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-27 03:45:06    16473456    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-02-22 15:56:48    --------    d-----w-    c:\documents and settings\all users\application data\AVG8UPG
2013-02-12 19:56:48    --------    d-----w-    C:\2nd Story Software
.
==================== Find3M  ====================
.
2013-03-08 15:03:53    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-08 15:03:53    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-27 03:45:15    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 03:45:15    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-19 01:43:29    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02    2193024    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58    2069760    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:16:29    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16:28    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59    385024    ------w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:05:40.84 ===============
 

 

Thank you very much,

sys

 

 




 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:34 AM

Posted 13 March 2013 - 06:21 PM

Good evening. :)

Can you post the report that AVG produced that shows the infected file(s)?


So long, and thanks for all the fish.

 

 


#3 SysFix

SysFix
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 14 March 2013 - 04:09 PM

Hi Noviciate,

 

My AVG install was outdated, so I updated to AVG 2013. In the process, all previous history has been deleted (as far as I can tell).

 

I can tell you that the file with the "win32/Etap" virus was ica32web.msi (aka A0027808.msi), which is the ICA Client installer that was downloaded directly from Citrix as I was logging on to a Citrix server. 

 

AVG showed 7 occurrences of the virus, all associated with the .msi file in the download folder and also in the restore folder, and nowhere else.

 

In addition to updating my AVG, I have uninstalled the ICA Client and deleted the installer file from both the download folder and the restore folder.

 

I also uploaded the file to VirusTotal which determined that the file was NOT infected. Here is a link to that result if you are interested:

https://www.virustotal.com/en/file/bea02133d3e0d54fd08724ca26a1df20ee74b6ae9a628b21843bb844a0c90cd4/analysis/1363093421/

 

My computer has been acting weird for about a week, so I'm still concerned that virus or malware is lurking inside.

 

I appreciate your help,

Sys

 

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:34 AM

Posted 14 March 2013 - 05:06 PM

Good evening. :)

The VirusTotal link shows no detection for the file that you uploaded according to the AVG scanner it uses. I suspect that you have a set of AVG definitions that include a false positive for the file(s) in question and that there is no nasty on your system - it's not the first FP that there has been in the cyberworld. Assuming that you obtained the installation file from a legitimate source I'd not be overly concerned at this point.

 

My computer has been acting weird for about a week

"Weird" doesn't offer a great deal to go on, so you'll need to be more informative.


So long, and thanks for all the fish.
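
A check that supports the false-positive reasoning above, as an added example that is not part of the original thread: the VirusTotal permalink embeds the SHA-256 of the uploaded sample, so each flagged copy (the download and the System Restore copy) can be hashed and compared against it to confirm the clean verdict applies to that exact file. The function names are hypothetical and the permalink pattern is assumed from the URL format posted in the thread; the demo files are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Permalink shape as posted in the thread (assumed pattern):
#   https://www.virustotal.com/en/file/<sha256>/analysis/<unix time>/
VT_PERMALINK = re.compile(r"/file/([0-9a-fA-F]{64})/analysis/(\d+)/?")


def parse_vt_permalink(url):
    """Return (sha256_hex, scan_unix_time) extracted from a VirusTotal permalink."""
    match = VT_PERMALINK.search(url)
    if match is None:
        raise ValueError("no SHA-256 found in permalink: %r" % url)
    return match.group(1).lower(), int(match.group(2))


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_copies(permalink, paths):
    """Classify each flagged copy against the sample VirusTotal analysed.

    Returns {path: status} where status is:
      "match"      - byte-identical to the uploaded sample; the VT verdict applies
      "different"  - some other file; it was never scanned by that VT report
      "unreadable" - missing, quarantined or locked; nothing can be concluded
    """
    expected, _scan_time = parse_vt_permalink(permalink)
    results = {}
    for path in paths:
        try:
            actual = sha256_file(path)
        except OSError:
            results[str(path)] = "unreadable"
            continue
        results[str(path)] = "match" if actual == expected else "different"
    return results


if __name__ == "__main__":
    # Constructed demo: two identical "installer" copies, one altered copy and
    # one path that no longer exists. File names mirror the thread; the
    # contents and the permalink hash are made up for the demonstration.
    with tempfile.TemporaryDirectory() as tmp:
        sample = b"constructed stand-in for the installer bytes"
        download = Path(tmp) / "ica32web.msi"
        restore = Path(tmp) / "A0027808.msi"
        altered = Path(tmp) / "altered.msi"
        download.write_bytes(sample)
        restore.write_bytes(sample)
        altered.write_bytes(sample + b"\x00")
        link = "https://www.virustotal.com/en/file/%s/analysis/1363093421/" % (
            hashlib.sha256(sample).hexdigest()
        )
        report = compare_copies(
            link, [download, restore, altered, Path(tmp) / "deleted.msi"]
        )
        for path, status in report.items():
            print("%-12s %s" % (status, path))
```

A "different" result does not mean the copy is malicious, only that the VirusTotal report says nothing about it and it should be submitted separately.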

 

 


#5 SysFix

SysFix
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 14 March 2013 - 06:38 PM

Good evening Noviciate,

"Weird" = Sometimes (not always) programs open slowly, close slowly and/or stop responding. Sometimes Firefox takes very long to open and very long to load a page and also stops responding. I have received several virtual memory too low warnings in the last month.

Sometimes, my computer seems to be working fine.

Sys

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:34 AM

Posted 16 March 2013 - 03:19 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.
 

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

 


So long, and thanks for all the fish.

 

 


#7 SysFix

SysFix
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 17 March 2013 - 08:44 AM

Good morning Noviciate,

I ran ESET and it found the following 2 items:

C:\Documents and Settings\All Users\Documents\SetupImgBurn_2.5.2.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Owner\Local Settings\temp\APNStub.exe    a variant of Win32/Bundled.Toolbar.Ask application

Should I just delete these 2 items from my drive?

Thanks,
Sys

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:34 AM

Posted 18 March 2013 - 03:59 PM

Good evening. :)

 

Bundled.Toolbar.Ask application

Some people aren't happy with the idea that the Ask Toolbar is bundled in with installation files - in this case the first detection is for the ImgBurn installation file, as far as I can tell. I don't know for certain whether you can opt out of installing the toolbar with this one, but unless you have to have the toolbar, and you object to that fact, just treat the detection as being a warning about a potential issue and not a serious threat.

 

* If you have installed the toolbar then I would remove it as it isn't universally loved, but it really is up to you. The search engine of your choice will tell you about the Ask Toolbar if you ask it nicely - here's one to start you off.

 

When you ran DDS originally it should have produced a second text file called Attach.txt. Did you save a copy by any chance?


So long, and thanks for all the fish.

 

 


#9 SysFix

SysFix
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 18 March 2013 - 04:36 PM

Hi Noviciate,

 

ImgBurn is a program that I downloaded a while back but never installed. I don't need it and I will delete it. The Ask toolbar was accidentally installed when I neglected to uncheck it during a recent Java update. I thought I had completely uninstalled it afterward. I'm guessing that's where the temp entry came from. Can I just delete the temp entry?

 

Here is the attach.txt from my original DDS scan:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x1bf1f18200+1
Install Date: 10/14/2009 12:05:39 PM
System Uptime: 3/8/2013 2:40:43 PM (70 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0C2425
Processor:               Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2392/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 2.83 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
Q: is NetworkDisk (FAT32) - 30 GiB total, 10.669 GiB free.
T: is NetworkDisk (FAT32) - 30 GiB total, 10.669 GiB free.
V: is NetworkDisk (FAT32) - 30 GiB total, 10.669 GiB free.
W: is NetworkDisk (FAT32) - 30 GiB total, 10.669 GiB free.
Y: is NetworkDisk (NTFS) - 37 GiB total, 25.936 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP312: 12/11/2012 2:48:15 PM - System Checkpoint
RP313: 12/12/2012 3:28:30 PM - System Checkpoint
RP314: 12/13/2012 3:49:17 PM - System Checkpoint
RP315: 12/14/2012 3:49:24 PM - System Checkpoint
RP316: 12/15/2012 3:49:34 PM - System Checkpoint
RP317: 12/16/2012 4:49:35 PM - System Checkpoint
RP318: 12/17/2012 5:23:49 PM - System Checkpoint
RP319: 12/18/2012 5:39:49 PM - System Checkpoint
RP320: 12/19/2012 5:49:35 PM - System Checkpoint
RP321: 12/20/2012 6:49:42 PM - System Checkpoint
RP322: 12/21/2012 7:49:43 PM - System Checkpoint
RP323: 12/22/2012 7:49:50 PM - System Checkpoint
RP324: 12/23/2012 8:49:51 PM - System Checkpoint
RP325: 12/24/2012 9:48:13 PM - System Checkpoint
RP326: 12/25/2012 9:49:50 PM - System Checkpoint
RP327: 12/26/2012 10:49:50 PM - System Checkpoint
RP328: 12/27/2012 11:49:52 PM - System Checkpoint
RP329: 12/29/2012 12:50:07 AM - System Checkpoint
RP330: 12/30/2012 1:50:13 AM - System Checkpoint
RP331: 12/31/2012 2:50:15 AM - System Checkpoint
RP332: 1/1/2013 3:50:10 AM - System Checkpoint
RP333: 1/2/2013 4:50:10 AM - System Checkpoint
RP334: 1/3/2013 5:50:11 AM - System Checkpoint
RP335: 1/4/2013 7:49:55 AM - System Checkpoint
RP336: 1/5/2013 8:01:12 AM - System Checkpoint
RP337: 1/6/2013 9:36:57 AM - System Checkpoint
RP338: 1/7/2013 10:06:11 AM - Software Distribution Service 3.0
RP339: 1/8/2013 10:21:10 AM - System Checkpoint
RP340: 1/9/2013 10:56:17 AM - System Checkpoint
RP341: 1/10/2013 1:40:58 PM - System Checkpoint
RP342: 1/11/2013 3:18:35 PM - System Checkpoint
RP343: 1/12/2013 3:20:07 PM - System Checkpoint
RP344: 1/13/2013 4:20:08 PM - System Checkpoint
RP345: 1/14/2013 5:23:55 PM - System Checkpoint
RP346: 1/15/2013 11:00:43 AM - Installed Java 7 Update 11
RP347: 1/16/2013 1:06:53 PM - System Checkpoint
RP348: 1/17/2013 2:16:24 PM - System Checkpoint
RP349: 1/18/2013 4:51:00 PM - System Checkpoint
RP350: 1/19/2013 5:20:33 PM - System Checkpoint
RP351: 1/20/2013 5:46:04 PM - System Checkpoint
RP352: 1/21/2013 6:20:35 PM - System Checkpoint
RP353: 1/22/2013 9:41:36 AM - Removed Ask Toolbar.
RP354: 1/23/2013 11:05:25 AM - System Checkpoint
RP355: 1/24/2013 12:36:37 PM - System Checkpoint
RP356: 1/25/2013 1:25:00 PM - System Checkpoint
RP357: 1/26/2013 2:20:53 PM - System Checkpoint
RP358: 1/27/2013 4:09:44 PM - System Checkpoint
RP359: 1/28/2013 6:17:05 PM - System Checkpoint
RP360: 1/29/2013 6:21:59 PM - System Checkpoint
RP361: 1/30/2013 7:20:54 PM - System Checkpoint
RP362: 1/31/2013 8:20:56 PM - System Checkpoint
RP363: 2/1/2013 8:21:06 PM - System Checkpoint
RP364: 2/2/2013 9:21:13 PM - System Checkpoint
RP365: 2/3/2013 10:21:10 PM - System Checkpoint
RP366: 2/4/2013 11:21:13 PM - System Checkpoint
RP367: 2/5/2013 11:55:00 PM - System Checkpoint
RP368: 2/6/2013 8:01:17 AM - Removed Java 7 Update 7
RP369: 2/6/2013 8:01:54 AM - Installed Java 7 Update 13
RP370: 2/7/2013 10:18:07 AM - System Checkpoint
RP371: 2/8/2013 11:35:30 AM - System Checkpoint
RP372: 2/9/2013 11:59:29 AM - System Checkpoint
RP373: 2/10/2013 12:59:32 PM - System Checkpoint
RP374: 2/10/2013 7:46:34 PM - B4TaxAct
RP375: 2/11/2013 7:55:10 AM - Software Distribution Service 3.0
RP376: 2/12/2013 8:32:32 AM - System Checkpoint
RP377: 2/13/2013 8:46:27 AM - System Checkpoint
RP378: 2/14/2013 11:20:29 AM - System Checkpoint
RP379: 2/15/2013 11:44:44 AM - System Checkpoint
RP380: 2/16/2013 12:44:44 PM - System Checkpoint
RP381: 2/17/2013 1:44:45 PM - System Checkpoint
RP382: 2/18/2013 2:44:45 PM - System Checkpoint
RP383: 2/19/2013 3:44:48 PM - System Checkpoint
RP384: 2/20/2013 8:29:07 AM - Software Distribution Service 3.0
RP385: 2/21/2013 9:27:21 AM - System Checkpoint
RP386: 2/22/2013 9:34:11 AM - System Checkpoint
RP387: 2/22/2013 9:55:52 AM - Avg8 Update
RP388: 2/23/2013 10:22:23 AM - System Checkpoint
RP389: 2/24/2013 11:24:33 AM - System Checkpoint
RP390: 2/25/2013 11:55:16 AM - System Checkpoint
RP391: 2/26/2013 12:22:24 PM - System Checkpoint
RP392: 2/27/2013 12:29:01 PM - System Checkpoint
RP393: 2/28/2013 12:58:39 PM - System Checkpoint
RP394: 3/1/2013 1:56:11 PM - System Checkpoint
RP395: 3/2/2013 2:22:39 PM - System Checkpoint
RP396: 3/3/2013 3:22:39 PM - System Checkpoint
RP397: 3/4/2013 4:01:19 PM - System Checkpoint
RP398: 3/5/2013 4:04:02 PM - System Checkpoint
RP399: 3/6/2013 4:23:06 PM - System Checkpoint
RP400: 3/7/2013 4:24:05 PM - System Checkpoint
RP401: 3/8/2013 9:03:09 AM - Removed Java 7 Update 13
RP402: 3/8/2013 9:03:47 AM - Installed Java 7 Update 17
RP403: 3/8/2013 9:24:21 AM - b4schmidtcitrix
RP404: 3/9/2013 9:45:19 AM - System Checkpoint
RP405: 3/10/2013 10:46:25 AM - System Checkpoint
RP406: 3/11/2013 10:58:12 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon Games & Software Downloader
Apple Application Support
Apple Software Update
AT&T Unified Messaging
Audacity 1.2.6
AVG Free 8.5
AVG Security Toolbar
BlackBerry Device Simulators 4.2.2.114 (8300-T-MobileEU)
BlackBerry Email and MDS Services Simulators 4.1.4
BlackBerry Smartphone Simulators 4.5.0.175 (8830-Verizon)
BlackBerry Smartphone Simulators 4.5.0.55 (8820)
BlackBerry Smartphone Simulators 5.0.0.330 (9700-T-MobileUS)
Broadcom 440x 10/100 Integrated Controller
BufferChm
Bullzip PDF Printer 4.0.0.463
Cisco WebEx Meetings
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Conexant D850 56K V.9x DFVc Modem
CreativeProjects
CreativeProjectsTemplates
CueTour
DeductionPro 2009
Dell ResourceCD
Destinations
Director
DriveImage XML (Private Edition)
EASEUS Partition Master 6.1.1 Professional
Easy CD & DVD Creator 6
EasyZip
EMS SQL Manager 2008 Lite for SQL Server
ESET Online Scanner v3
FileZilla Client 3.2.8.1
Five9 Administrator
Google SketchUp 7
Google Talk Plugin
GoToMeeting 5.1.0.880
GPL Ghostscript Lite 8.70
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Illinois 2009
H&R Block Illinois 2010
H&R Block Illinois 2011
H&R Block New York 2011
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Install Network Printer Wizard
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
Intel® Extreme Graphics Driver
IrfanView (remove only)
Java 7 Update 17
Java Auto Updater
Java Media Framework 2.1.1e
JavaFX 2.1.1
join.me
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.70.0.1100
MediaShare Desktop Applications
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
MySQL Connector/ODBC 5.1
MZ-Tools 3.0 for VBA
Notepad++
Novacomd
Overland
Palm webOS® Doctor™ Build Verizon.277.276, webOS 1.4.5.1
Panasonic Multi-Function Station software
Paragon Backup & Recovery™ 10 Free Edition
PCDiskClone 8.0
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS8400
PSPrinters06
QFolder
QuickProjects
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
Sound Blaster Live!
Spybot - Search & Destroy
SQLBackupAndFTP 3.4.3
TaxACT 2012 - 1040 Edition
TaxACT 2012 Illinois
Tool Tracking System
TrayApp
UltraVnc
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Driver Package - Palm (WinUSB) Palm Devices  (11/30/2008 1.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
3/11/2013 10:32:04 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 

Thank you very much,

Sys

 

 



#10 Noviciate

  • Malware Response Team

Posted 18 March 2013 - 06:12 PM

Download TFC (Temporary File Cleaner) by OldTimer from here and save it to your Desktop.
 

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.

 

 

This will clean all sorts of leftover crud from your system, which should include that file.


So long, and thanks for all the fish.

 

 


#11 SysFix

  • Topic Starter

Posted 19 March 2013 - 04:56 PM

Hi Noviciate,

I ran TFC. Among other things, the temp folder that contained the questionable Ask Toolbar file is now gone. Also, things seem to be running faster and I haven't noticed any slow response or other "weird" behavior as before you started helping me.

Thank you so much for your help,
Sys

#12 Noviciate

  • Malware Response Team

Posted 20 March 2013 - 03:21 PM

Good evening. :)

Always good to hear/read. You need to update Adobe Reader as it's a bit out of date. You can get the latest version here (feel free to uncheck the McAfee download first), or you can update from within the program itself: Help > Check for Updates...

Other than that, assuming the PC doesn't self-destruct doing the above, I'd say that was about that.


So long, and thanks for all the fish.

 

 


#13 SysFix

  • Topic Starter

Posted 20 March 2013 - 04:00 PM

Thank you so much for your help!!!!!! Sys

#14 Noviciate

  • Malware Response Team

Posted 21 March 2013 - 03:57 PM

As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




