Kelly in Tx

Thank you. I don't consider it a threat, or junk. It helps with hardware scans etc... and I find that worth keeping. It would be excellent if JRT would allow the user the option of not deleting something. But at least now I know.

Well I finally got it going back to the way I think it was. I had to jump through a bunch of hoops to get my Dell software running again. I hope it is right. The two files are back, that JRT deleted. It must be connected to the Dell software, that monitors updates, and does diagnostics and stuff.

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask Well it didn't let me have a choice to delete, or not delete, it just did it. (I am using Win10) Now my scheduled CheckUp is disabled from Dell. All of the monitored programs disappeared from the taskbar. (except 2) I don't know if they are running now, or not. I luckily did a full backup today with my free backup software. But I went to my external hard drive, and it did not find those particular files. I went to Recycle Bin, and it was empty. So I could not restore them. I could go to my restore point made earlier, but it said I may lose some files if I did that. I did create a restore point, before running JRT. JRT did a restore point also, and then deleted only these two files mentioned above. I don't think these are in the full backup I did previously. I could get the emergency flash drive out, but I don't want to go back to that time frame. So I wish they would allow you to review what they want to delete, and then run the deletion. Now I am not sure what to do.

It must of been a false positive. I ran another update and re-scanned and now Malwarebytes shows no virus at all. Thank you all so much for the help.

I don't have any cdrom emulation software that I am aware of. This is like a mirror of your hard drive? (I am just reading the steps)

Thanks for all the comments, and so fast too. I wasn't sure it was a false positive, or I would of posted on that forum instead. I will read what I need to do from the comments, and take the appropriate steps. Thanks again, very much.

Malwarebytes is seeing c:\program files\Java\jre6\bin\java.exe and c:\WINDOWS\system32\java.exe as a trojan I updated java and flash player. Kaspersky shows the XP desktop is clean. But Malwarebytes saw java as a trojan. I removed java. I had checked for virus before activating the update. Well I redownloaded java last night. As before I double checked with Kaspersky before activation of the updates. Last night after the updates I did a full scan in Kaspersky. It says I am clean. This morning I did a check again with Malwarebytes, and it says I have two trojans again. Has anyone else had this problem? I did email Malwarebytes to let them know I thought it might be a false positive, but I am not sure. I see no way to send these files to Malwarebytes for inspection.

alright thanks...that is strange, but it is possible I guess...

I just updated and got a hit on GMER program saying it was a trojan. c:\documents and settings\Kelly\Desktop\gmer\gmer.exe (Trojan.Agent) -> No action taken.

This is from Virus Total. I did a browse, then put this in on all files...C:\WINDOWS\system32\sksdrvr2.sys There was a file under that that said Readme.txt So if this is really it, then none of the av found it to be an infection. Of course they may all be wrong, and your checker was correct. File Readme.txt received on 12.12.2008 22:58:02 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/38 (0%) Loading server information... Your file is queued in position: 1. Estimated start time is between 38 and 55 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.12.12.2 2008.12.12 - AntiVir 7.9.0.45 2008.12.12 - Authentium 5.1.0.4 2008.12.12 - Avast 4.8.1281.0 2008.12.12 - AVG 8.0.0.199 2008.12.12 - BitDefender 7.2 2008.12.12 - CAT-QuickHeal 10.00 2008.12.12 - ClamAV 0.94.1 2008.12.12 - Comodo 741 2008.12.12 - DrWeb 4.44.0.09170 2008.12.12 - eSafe 7.0.17.0 2008.12.11 - eTrust-Vet 31.6.6258 2008.12.12 - Ewido 4.0 2008.12.12 - F-Prot 4.4.4.56 2008.12.12 - F-Secure 8.0.14332.0 2008.12.12 - Fortinet 3.117.0.0 2008.12.12 - GData 19 2008.12.12 - Ikarus T3.1.1.45.0 2008.12.12 - K7AntiVirus 7.10.552 2008.12.12 - Kaspersky 7.0.0.125 2008.12.12 - McAfee 5461 2008.12.11 - McAfee+Artemis 5461 2008.12.11 - Microsoft 1.4205 2008.12.12 - NOD32 3688 2008.12.12 - Norman 5.80.02 2008.12.12 - Panda 9.0.0.4 2008.12.12 - PCTools 4.4.2.0 2008.12.12 - Prevx1 V2 2008.12.12 - Rising 21.07.42.00 2008.12.12 - SecureWeb-Gateway 6.7.6 2008.12.12 - Sophos 4.36.0 2008.12.12 - Sunbelt 3.2.1801.2 2008.12.11 - Symantec 10 2008.12.12 - TheHacker 6.3.1.2.186 2008.12.12 - TrendMicro 8.700.0.1004 2008.12.12 - VBA32 3.12.8.10 2008.12.12 - ViRobot 2008.12.12.1515 2008.12.12 - VirusBuster 4.5.11.0 2008.12.12 - Additional information File size: 374 bytes MD5...: 05dbf0935e58307b5036ff276828b086 SHA1..: 68dc8a130e89ec1e37a655afd592bf92a4355274 SHA256: 5663068450a4775e11b151070c7614a550a33fb65db99f53bfb99754249190c5 SHA512: 3f2bf2a3d22fb9f703155f4c533f01f08f4e1dd492616de9f6859627cb585a98 9888c7961d6743eb24d5bd33162973e5e0ccfcca6682fd4b4c74a06722c66d55 ssdeep: 6:hDyyFSShllzLVmyFjsVIBrAyEcEyl8HhKAycWD4IwBGwxxO4q5JmJnml:huyhh bLYyimSyJxYcAyn4G1H+nml PEiD..: - TrID..: File type identification Unknown! PEInfo: - ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. Malwarebytes' Anti-Malware 1.31 Database version: 1483 Windows 5.1.2600 Service Pack 3 12/12/2008 4:08:18 PM mbam-log-2008-12-12 (16-08-11).txt Scan type: Quick Scan Objects scanned: 63712 Time elapsed: 5 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\sksdrvr2.sys (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 1847684698387831915849084] Readme.txt Readme.txt