jholland1964 650 Posting Expert Team Colleague Featured Poster

The log looks ok to me. Stick with the Avira. AVG used to be good but consistently ranks now behind Avira and the other good free one, Avast. I use Avira, have for several years and am very pleased with it.

I would also suggest adding SpywareBlaster. It provides excellent additional protection against ActiveX-based spyware, adware, dialers, browser hijackers, block spyware/tracking cookies in IE, Mozilla Firefox, and many other browsers, and restrict the actions of spyware/ad/tracking sites.
Just download, install, update, enable all and close the program. That's it. Check for new updates once a week; if there are any, download and install, enable all, and close the program. I wouldn't run my computer without it. It IS FREE also.
http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

If all seems to be working well I would say this can be marked solved if you agree.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok then, that must be normal for the computer. The one thing I need to see is a system scan from HiJackThis.

http://free.antivirus.com/hijackthis/

Run the scan, copy the log and paste it back here...almost done.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Tell you what, I noticed something unusual about your first Full MBA-M scan and now with this second one and that is the fact that the scans only took 35 minutes. A full scan with MBA-M normally takes at least one hour. It is possible that these infections have corrupted MBA-M so I would like you to remove it and install a new copy.
Follow these instructions from the MBA-M website:
Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
Restart your computer (very important).
Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe
It will ask to restart your computer (please allow it to).
After the computer restarts, Temporarily disable your Anti-Virus
To disable your Avira right click the little red umbrella in your system tray and remove the check mark from Enable Guard.
Next install the latest version of Malwarebytes' Anti-Malware from
http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1
Once it has installed, Update it and then run another Full Scan with it as you have previously. Have it remove everything found.
Reboot the computer, be certain your Avira has restarted and post back here with the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Tania, the computer obviously is still infected. Likely the KEY reason for the continuing infections is found in that MBA-M log...

C:\Documents and Settings\Luke\My Documents\LimeWire\Saved\Virtual Dj Full Version.exe (P2P.Dropper)

Limewire is a P2P file sharing program. Used mainly to ILLEGALLY obtain copyrighted material, music and games especially, without payment to the rightful owners of the software being downloaded. This obviously is the case with these two infected files for sure.
Virtual Dj is a program that must be paid for when purchased LEGALLY. The cost is approximately $329. But, because the copy on your computer was obtained illegally via P2P it was "supposedly" FREE. But along with the illegally gotten software you also now have a grossly infected computer. This is proven by the fact that each and every scan finds newly infected files.
The files found by Avira scan contained a Trojan. These were contained in the folder C:\Documents and Settings\Luke\My Documents\Downloads\PDFTablet_Installer.exe
and held the TR/Dldr.Delphi.Gen Trojan. A trojan is created in order to bring onto the computer other infected files.

It is the policy of daniweb and stated very clearly in our Read Me First sticky that anyone posting for assistance in removing infections must do the following:
Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes, SpywareBlaster will protect Opera also. It doesn't show there, but it will because it uses the Internet Explorer engine. Any browser which uses the IE engine is protected and Opera does use the IE engine, along with all of these others:
AOL web browser
Avant Browser
Slim Browser
Maxthon (formerly MyIE2)
Crazy Browser
GreenBrowser
http://www.javacoolsoftware.com/spywareblaster.html#Browsers

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your Java is woefully out of date. Go to http://www.java.com/en/download/manual.jsp
Choose the Offline install and save it to the desktop.
Once you have done that, close all browsers. Go to Add/Remove and Uninstall all of these
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7

Once all are removed then go to that Java install file on your desktop and install the newest version which is version 6 update 22. Watch the updating very closely as it automatically offers various toolbars. The check marks will all ready be there so REMOVE the check marks so that you don't get those unneeded toolbars. Once the install is complete go back to that download page and click Verify Now on the right side to go to the verification page to test that the install went as it should have.

Now some advice. I see you are running AVG 9 Free version. I would recommend that you change your anti-virus program to another. Avira Free is the one I use, I like it a lot and it ranks much higher in most tests than AVG.
Here is the link http://www.avira.com/en/avira-free-antivirus
Another good free one is Avast. It also ranks higher in most tests than AVG.
Here is the link for Avast Free http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

I prefer Avira because it is quite easy to run, not intrusive and provides excellent …

jholland1964 650 Posting Expert Team Colleague Featured Poster

It was me taking IE out of the picture, wasn't it. I didn't think of that.
Yes it was. I need to see the new Uninstall list and I will give you a couple more steps but I need to see that first because I don't know now what was removed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The problem was, I told you I would get you the fixes and I spent all that time making a list for you to work with and then you did things manually that I had not requested. This is why we ask people to wait a moment. I worked as quickly as I could. Each line of that log had to be checked.
Ok, run HiJackThis again. This time though put check marks next to the following entries:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

Once you have the check marks in place click the Fix Checked button and exit HJT.
Reboot.
Please give me a NEW Uninstall list like you did before. There are other items which must be removed but I need to see a new list.
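
The entries listed in the post above follow HijackThis's `section - details` line layout, so they can be triaged mechanically before anything is ticked. This is an added example (not from the original post and not HijackThis's own code) that parses those lines and flags three conditions visible in such a log; the function names, the reason labels and the final `O4` line pointing into a Temp directory are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entries quoted in the post above, plus one constructed O4 line (the last)
# that points into a Temp directory so the third check has something to hit.
SAMPLE_LOG = r'''
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\example.exe
'''

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_TAG = "(file missing)"
# Directories an unprivileged process can write to (lower-cased substrings).
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\appdata\\")


@dataclass
class Entry:
    section: str          # e.g. "O2", "O23"
    kind: str             # text before the first colon: "BHO", "Service", ...
    clsid: Optional[str]  # COM class id, when the line carries one
    target: str           # file path or download URL the entry points at
    file_missing: bool    # HijackThis appended "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for blank or non-entry lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, body = m["section"], m["body"]
    file_missing = body.endswith(MISSING_TAG)
    if file_missing:
        body = body[: -len(MISSING_TAG)].rstrip()
    kind = body.split(":", 1)[0]
    clsid = CLSID_RE.search(body)
    if section == "O4":
        # Autostart lines look like: key: [name] command
        target = body.partition("] ")[2].strip('"')
    else:
        # Other sections shown here end with " - <path or URL>"
        target = body.rsplit(" - ", 1)[-1]
    return Entry(section, kind, clsid.group(0) if clsid else None,
                 target, file_missing)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line in a pasted log, skipping everything else."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        low = e.target.lower()
        if e.file_missing:
            # Leftover registration whose file is gone (orphaned entry).
            findings.append((e, "file-missing"))
        if low.startswith("http://"):
            # Component registered to download over unencrypted HTTP.
            findings.append((e, "plain-http-download"))
        if any(marker in low for marker in USER_WRITABLE):
            # Autostart or plug-in loading from a user-writable directory.
            findings.append((e, "user-writable-path"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{entry.section:>3} {reason:<20} {entry.target}")
```

The reasons are triage hints for a human reviewer, not verdicts; an unflagged entry can still be unwanted, as the Java and Adobe lines in the post show.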

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please follow the instructions as I give them.
Since you jumped ahead we now have to go back. DON'T do the steps in my last post, as I had to delete it since the log shown has likely now been changed by your changes.

Please run a new scan with HJT and post the log. I am going to have to go through it again since you did steps not called for.

SweetIM is a program to Send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. BUT - they are only able to see these advanced smiley-faces if they also have SweetIM installed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just wanted to point that out to you. Good thing you don't use IE. We can fix it easily. That isn't a google page.
You only use IE for Windows Updates, correct? Give me a few moments and I will have some fixes for you to do using HJT.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You know the page you have set as your homepage, sweetim.com, is not considered to be a very safe page.
Look at this information. Be sure to scroll all the way down to read the comments there.
http://www.mywot.com/en/scorecard/search.sweetim.com

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and do another Full Scan with it. Have it Remove everything found.
Reboot the computer and then do another HJT system scan.
Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

So you are continuing with the clean up or do you want to close the thread?

jholland1964 650 Posting Expert Team Colleague Featured Poster

No it certainly ISN'T time to close the thread. You haven't completed cleaning the computer yet.
Of course the choice is yours, but the computer has not yet been deemed 100% clean. If you don't want to clean it up it is your choice but then I would advise that you stop using this computer entirely. I know I wouldn't use it until all infection was cleaned off and I knew that for certain.
The computer can be cleaned. If you don't want to then we can close the thread. Basically you have three choices; continue with the clean up, or stop using the computer completely and get another to use online, or completely reformat and reload.

jholland1964 650 Posting Expert Team Colleague Featured Poster

CimmerianX, I realize you wish to assist but please look at the logs and the MBA-M run. The first log is likely a portion of the ESET scanner log, however without the entire log we cannot be certain the scan was done correctly.
The 2nd MBA-M log, while it looks clean, was NOT updated and not a Full Scan, both of which should have been done. So to say "That's looks pretty good." is not correct. If it had been a full scan with an updated program, "maybe" you could say it looks pretty good but since steps have not been followed correctly, no it doesn't look pretty good. It looks incomplete and inaccurate.

Tania, please complete the steps given ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

tania, that is not the full ESET log, we need to see the entire log from top to bottom, not just what was found/removed. Your computer appears to still be grossly infected.

Also, you did NOT update MBA-M as crunchie requested. Your database still shows 4784, which is the very same one you used on the last scan. MBA-M has multiple updates DAILY which is why updating must be run each and every time you scan, even for multiple scans done on the same day. The current database version, as of 5 minutes ago is Database version: 4840. Plus you only ran a Quick Scan. When infection is found using a Quick Scan, as your original scan showed, then the program should immediately be updated again and a Full Scan should then be run. The Quick Scan does not scan all files. If some of those files are found to be infected then it is vitally important that the Full Scan be run immediately.
Please follow these instructions and post back with the entire ESET log and also a log from a Fully Updated FULL scan with MBA-M.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Understand the time a 6 month old baby takes, hope though that you are not using the computer for anything else other than cleanup either. You obviously had/have some very serious infections on there. If you are using the computer for anything else than cleaning it up then all these steps will be for nothing.
Please now do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.

When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hope you now see WHY we insist on all P2P programs be uninstalled. Look at those infected files you got from using P2P. This is one of the easiest ways to get some really bad infections.
Here is information about the infection removed by ESET which adds proof to this from ESET
WMA/TrojanDownloader.GetCodec has ranked fifth on ESET’s threat list
Win32/GetCodec.A is a type of malware that modifies media files. This Trojan converts all media files found on a computer to the WMA format and adds a field to the header that includes a URL pointing the user to a new codec, claiming that the codec has to be downloaded so that the media files can be read. WMA/TrojanDownloader.GetCodec.Gen is a downloader closely related to Wimad.N which facilitates infection by GetCodec variants like Win32/GetCodec.A

Note that it says it converts ALL media files on the computer. You cannot now assume that ANY of your media files on the computer are not carrying this Trojan but possibly have not yet been activated. Each time one of these files is accessed then the trigger will be pulled and this will then bring in more and more, that is what it was designed to do.

I note in your HiJackThis log that you obviously have an iPod. Yes, iPods also can become infected and then infect any computer they may be plugged into.
This is exactly WHY P2P sharing is so very dangerous. These infected …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would like to see an Uninstall List generated by using HiJackThis. To do this do the following:
Open HiJackThis
Click on Misc Tools button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

After that do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Please Reboot the computer.
Post back with the log from the ESET Scanner.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Oh, I meant to say RegCure, not RegEdit.
Doesn't matter, using a registry cleaner regardless is always a bad idea. Too much damage can be done. There is never a good reason to use a registry cleaner, optimizer, whatever.
Good tools like MBA-M will automatically clean out infected registry entries; there really is hardly ever a good reason to "play" with the registry. Uninstall RegCure and continue with steps given.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Ed, welcome to daniweb.

RegEdit is certainly NOT a tool to run to remove infections, you need to know what registry entries ARE infected before attempting this.
Your MBA-M shows you only ran a Quick Scan and No Action Taken. Did you reboot after running MBA-M? This is one of the things you must always do when using MBA-M to remove infection.

Update MBA-M and run a Full Scan. Have it Remove everything found REBOOT and then go into MBA-M and copy/paste the last log in the Log tab back here.

I would like to see a system scan log done with HiJackThis

http://free.antivirus.com/hijackthis/

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to post the MBA-M log here. Other steps may be required, especially with the number of Trojans found. These may just be the "tip of the iceberg". There very well could be a rootkit on there which will just bring in more infections.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, I apologize I didn't realize that, combofix doesn't work on 64bit systems.
I am going to refer this to another helper and see what he would advise.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this a 64bit operating system?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Works perfectly fine with Vista. If you are using Windows Vista, and receive UAC prompt asking if you would like to continue running the program, you should press the Continue button.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download ComboFix by sUBs from

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

· You must download it to and run it from your Desktop
· Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log using the latest version which is version 2.0.4
http://free.antivirus.com/hijackthis/

· Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am very sorry for the delay. We are short handed. The first thing I see is you have two anti-virus programs installed on the computer, Windows Live OneCare which according to the DDS log is very outdated. You also have Avira AntiVir Personal - Free Antivirus installed. Please UNINSTALL the Windows Live OneCare. The absolute rule is ONE anti-virus program to a computer.
It appears the computer itself is out of date, your Java is way, way out of date.

Try this rootkit program,
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
* Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
* Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
* A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
* Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
* If the scan did not start automatically, make sure the following are checked:
o Running processes
o Windows Registry
o Local Hard Drives
* Click Start scan.
* Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
* When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
* Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended …

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is absolutely NO way that an AdAware scan should take 10+ hours! which is what you seem to be saying. Turn it off and Uninstall it. That is 100% wrong. I wouldn't trust anything it supposedly is finding.

You should NEVER run two scans of any kind at the same time! Neither one will do a proper job that way.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not that crazy about AdAware frankly. I know it is compatible with Windows 7 but can find no info that it is compatible with Windows 7 64bit.

This is also where you are at a bit of a disadvantage as many of the security programs are not compatible with a 64bit system.
You can try the Sophos Rootkit program, it is compatible with 7.
You will have to fill out an information form in order to download it but be sure you don't say you want info or newsletters.
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Part of your problem is you are using programs which are not compatible with Windows 7 and/or also not compatible with a 64bit system.
GMER runs only on Windows NT/W2K/XP/VISTA

Malwarebytes' IS compatible with Windows 7 and 64bit systems however, where is the log? We can make no determinations of what is going on if we don't see all the logs and Malwarebytes' is a KEY log we must see, not a Printscreen of Quarantine. We have to see the actual log created when the removals were done. Since you have run this twice it likely would be the second log from the bottom in the Logs Tab of the program. I must see this log.

Please do not attach logs, copy/paste them. This protects others here from the possibility of downloading an infected file to their own computer.
Copy/Paste that Malwarebytes' log here please.

You receive the message when starting about the two items noted below because both are serious Trojans and were removed by Malwarebytes'

C:\Users\Xuyuan\AppData\Local\imanivago.dll
C:\Users\Xuyuan\AppData\Local\kSLexi.dll

You are receiving the message because they obviously were set to run at start up but since they were removed, as they should have been, so therefore they cannot be found. And you most definitely DON'T want them back.

The version of HiJackThis you have used is literally years out of date. Please download the newest version which is 2.0.4 from this link http://free.antivirus.com/hijackthis/

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, thanks for posting back.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all Uninstall that Perfect Optimizer, it's junk. Could even be how you got infected in the first place. There is no earthly reason to use a Registry Cleaner. If there are infected points in the registry then good tools like Malwarebytes' Anti-Malware will remove them.

First of all try this:
Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.

Then do the following:

If your OS is Windows 2000/2003, XP , Vista or Windows 7, please run the Microsoft® Windows® Malicious Software Removal Tool
*Due to the increasing prevalence of Rootkits, this step is especially important if you do not run this tool regularly when visiting Windows Updates.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When MBA-M finishes, Notepad will open with the log. Please save it where you can …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should really consider updating Internet Explorer. Version 6 is pretty outdated and insecure and is probably one of the main reasons for your malware issues.

OldTime, you have been warned once by Crunchie. I realize that you want to help but at this time attempting to install updates on an infected computer is a bad idea. The #1 rule for updating any part of the operating system, and IE IS part of the operating system, is that the system be clean and free of infection.
When the computer is clean THEN I will advise the poster what updates need to be done, and there are many more in addition to Internet Explorer.
PLUS the poster had not yet posted all the requested logs. We cannot advise anything else until all of those programs have been run and the logs posted. THEN we will advise on other clean up steps to complete BEFORE any updates recommending will be done.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have some malware loading:

C:\DOCUME~1\phil\LOCALS~1\Temp\Tj1.exe

You are correct OldTime. We saw that, this is why the poster must follow all the steps in the Read Me Sticky. The longer he waits the more infected the computer will become.

jholland1964 650 Posting Expert Team Colleague Featured Poster

jmainzer, this thread is one year old. You need to create your own thread rather than hijacking another person's thread. You need to follow the steps given in our Read Me First sticky and then create your own thread, stating all your problems and posting the requested logs from that Read Me sticky. Then somebody will gladly assist you in cleaning up the computer.

http://www.daniweb.com/forums/thread134865.html

Let me give you some advice though, your log shows at least parts of three different anti virus programs on there, AVG, McAfee and Norton. The absolute rule is ONE anti virus program should be running on a computer, no more. The HiJackThis version you are using is out of date. The latest version is 2.0.4 and can be found here http://free.antivirus.com/hijackthis/

jholland1964 650 Posting Expert Team Colleague Featured Poster

How do you get them to stop? By posting the requested logs. We can't help until we see something more than "How do i get them to stop it i meant to say?????????????????"
If you are not willing to follow our requested steps then we cannot offer help. We have no idea what infection you have until we see the logs. Plus we have no idea what tools you have used and if those tools were the correct tools and up to date.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb.
First of all DON'T use system restore under any circumstances. It WON'T remove an infection. System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not backup your data. If you delete or damage a file, System Restore will not recover it. System Restore will NOT uninstall a program. In fact if you have installed a program and find you don't want it if you use System Restore it may leave you with much of the program but it just won't be listed in Add/Remove, making it much harder to uninstall. System Restore does not keep old copies of your files or settings. If you're looking for an "old version" of a file or program that you used to have on your machine, System Restore isn't going to have it. System Restore does not fix your system. So if your computer crashes and needs to be repaired System Restore will not repair it.
I had downloaded a program whose site and program were approved by McAfee SiteAdvisor.
Please give me the name of the program AND the site where you got it.

Now I need to see the log from Malwarebytes'. Please post that here. Were any items found using any of the tools that you used? If so did you tell the tool to remove or quarantine whatever was found?
Post that log here for me and then we …

jholland1964 650 Posting Expert Team Colleague Featured Poster

This thread is over one year old. Original poster never returned.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Need you to do all of the other steps in the Read Me sticky. HJT would possibly be requested AFTER all the other tools are run.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No problem.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have used an outdated version of HiJackThis and judging by the log you are using either Vista or Windows 7, neither of which will get an accurate scan with this old version. You need to remove this one and download the newest version 2.0.4
http://free.antivirus.com/hijackthis/

We ask that you follow all of the instructions in our Read Me First sticky and post back here with all the requested logs. Then we can better offer some assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have never used this tool so I cannot advise what you should do next. Did you tell the tool to remove the infection?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can I ask you where you actually FOUND these instructions. What web site and how did you find the web site?

Are you saying you used this tool or asking if it should be used?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you attempt to run any of those rkill files? They all are not .exe files.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello, try this. I want you to try running rkill to stop the process which is likely running in the background and therefore stopping the tools you need from running properly. Follow these steps exactly and then post the logs:
There are five different copies of rkill. Try them one at a time until ONE of them works.
These instructions are from BleepingComputer, the developer of the tool.
"RKill only terminates processes, after running it you should not reboot your computer as any malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.
RKill can be downloaded from the following locations. Please note that the other file names below are RKill as well, just renamed in order to allow it run by certain malware.

* RKill.com Download Link
* RKill.exe Download Link
* RKill.scr Download Link
* eXplorer.exe Download Link - This renamed copy may trigger an alert from MBAM. It can be ignored and is safe.
* iExplore.exe Download Link

When RKill is run it will display a console screen
That console screen will continue to run until it RKill has finished. Once …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I got it working now, everything seems to be working properly. I've started running windows updates, including service pack 3, I assume that's the last thing I need to do.

Thanks again for all your help Jholland! you were a lot of help would have been completely lost otherwise :)

I am so pleased all worked out so well. Yes, your last step will be updating to SP3. I will mark this thread solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Right Click My Computer. Choose Properties. When that opens choose Hardware, Device Manager. When that opens go to the Sound, Video, Game Controllers and click the check mark. You should see your sound card in there and the manufacturer. Double click to open and you should be able to see the driver version installed. Then go to the mfg. website to see if there are newer drivers, download and install if there are new ones. Pick the newest one.

FANTASTIC job by the way tracking down and fixing the cd drives. Bravo!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Good. Are you still having the same problems?

jholland1964 650 Posting Expert Team Colleague Featured Poster

There really ISN'T any reason to have Office auto starting when Windows starts up. All of it can be run manually without any trouble at all. I have always had Office on my machines and never have had it auto starting. There really is no reason to have it do that.

jholland1964 650 Posting Expert Team Colleague Featured Poster

It looks much better. I am going to recommend that you change anti-virus program. AVG just isn't one of the higher ranked programs these days and as you have seen it offered you very little protection. Plus today I have helped with at least nine infected computers and six of them were running AVG 9, what does that tell you.
I strongly recommend that you remove it, via Add/Remove of course and then install an excellent FREE antivirus program. There are two I would recommend, either Avira Free, found here http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914

or Avast Free found here; http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

Both have very high rankings. I personally use Avira and have used it for at least two years, I am very pleased with it.
The choice is yours of course. But choose one and get rid of the AVG.
After you have done that, of course run a full scan with your new program. Have it clean or quarantine anything found.

Once that is complete then you also need to update your Java program as it is out of date.
Go Here and download the Offline Install file, save it to your desktop for easy access. http://www.java.com/en/download/manual.jsp

Then close all browsers, go to Add/Remove and Uninstall Java(TM) 6 Update 18.
Once the uninstall is complete then double click that install file on the desktop to install the new version. Be sure to watch the install carefully, it will …