[RKinner]

Clear the Java Cache by following the instructions on

http://www.java.com/...lugin_cache.xml

 

You do not have the latest Java.

First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:

Java™ 6 Update 14

 

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

 

If you feel you must have Java:

Get the latest Java at:

http://www.java.com/en/

 

Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.

Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

 

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

 

You also need to update Adobe Reader.  https://get.adobe.com/reader/

Uncheck the Optional Offers before Downloading.

 

RealPlayer is not happy.  I would uninstall it and if you need it then download a new version.

 

 

If you are still seeing the number, try booting into Safe Mode.

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

 

 

 Do you still see it?

[Advertisements]

Removed Java and Real Player. Number was still there when booted in safe mode.

[Amanda Martin]

Removed Java and Real Player. Number was still there when booted in safe mode.

[RKinner]

get autoruns from

http://live.sysinter...om/autoruns.exe

 

Download Save and Run the program by right clicking and Run As Admin.   File, Save, to your desktop, autoruns.arn, OK

 

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it.  Do not copy and paste.

[Amanda Martin]

 autoruns.txt   76.92KB   136 downloads

 

File attached. Sorry it took so long to reply.

[RKinner]

Looking at your last FRST scan again I see:

 

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

 

This is probably a valid file but I cannot see how it starts running.  Also we usually use the cmd.exe file in C:\Windows\System32 not in SysWOW64.

 

Run Process Explorer again and sort things by name by clicking once or twice on Process.  Then find cmd.exe and right click on it and Suspend.  Does anything happen to your number?

 

Another possibility is something tacked into Explorer:

 

download ShellExView.

 

http://www.nirsoft.n...s/shexview.html

 

Use this download:

http://www.nirsoft.n...xview_setup.exe

 

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.

Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and see if you still get the number.

[Amanda Martin]

The number is still there but my mom's not really worried about it as long as there's nothing malicious associated with it. Unless this has become personal for you, I think we're good

[RKinner]

OK.