Author Topic: My Security Shield Virus  (Read 1397 times)


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: My Security Shield Virus
« Reply #15 on: June 18, 2011, 02:03:26 AM »
Searching that error, I see that it is a result of an interrupted or incomplete uninstall.  Go ahead and download and run ComboFix.  We'll see what Java files/folders are remaining.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline sjt2900

  • Newbie
  • *
  • Posts: 29
Re: My Security Shield Virus
« Reply #16 on: June 18, 2011, 02:36:25 AM »
ComboFix 11-06-17.04 - Stephanie Turner 06/17/2011  21:22:47.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1546 [GMT -5:00]
Running from: c:\documents and settings\Stephanie Turner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Stephanie Turner\Application Data\Eqak
c:\documents and settings\Stephanie Turner\Application Data\Eqak\opbo.ihh
c:\documents and settings\Stephanie Turner\Application Data\Eqak\opbo.tmp
c:\documents and settings\Stephanie Turner\Application Data\system\verona
c:\documents and settings\Stephanie Turner\Local Settings\Application Data\gcquvbfteq.exe
c:\documents and settings\Stephanie Turner\Local Settings\Application Data\mvmvyvwlxh.exe
c:\documents and settings\Stephanie Turner\Local Settings\Application Data\nyswrvlatj.exe
c:\documents and settings\Stephanie Turner\Local Settings\Application Data\rnicmpsj.exe
c:\documents and settings\Stephanie Turner\WINDOWS
c:\windows\config.ini
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-18 to 2011-06-18  )))))))))))))))))))))))))))))))
.
.
2011-06-18 01:30 . 2011-06-18 01:30   63115   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-18 01:30 . 2011-06-18 01:30   6429   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-18 01:30 . 2011-06-18 01:30   4599   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-18 01:30 . 2011-06-18 01:30   8646   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-18 01:30 . 2011-06-18 01:30   9310   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-18 01:30 . 2011-06-18 01:30   5927   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-18 01:30 . 2011-06-18 01:30   8613   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-18 01:30 . 2011-06-18 01:30   1651   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-18 01:30 . 2011-06-18 01:30   6910   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-18 01:30 . 2011-06-18 01:30   6208   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-18 01:30 . 2011-06-18 01:30   18541   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-18 01:30 . 2011-06-18 01:30   8288   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-18 01:29 . 2011-06-18 01:29   51852   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-18 01:29 . 2011-06-18 01:29   7271   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-18 01:29 . 2011-06-18 01:29   23327   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-18 01:29 . 2011-06-18 01:29   20719   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-18 01:29 . 2011-06-18 01:29   8782   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-16 21:01 . 2011-06-16 21:01   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-06-16 20:49 . 2011-06-16 20:56   --------   d-----w-   c:\program files\QuickTime
2011-06-16 20:47 . 2011-06-16 20:47   --------   d-----w-   c:\program files\Apple Software Update
2011-06-16 18:03 . 2011-06-16 18:03   --------   d-----w-   c:\documents and settings\Stephanie Turner\Local Settings\Application Data\Secunia PSI
2011-06-16 18:03 . 2011-06-16 18:03   --------   d-----w-   c:\program files\Secunia
2011-06-16 15:26 . 2011-06-16 15:26   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-06-16 11:04 . 2011-06-16 11:04   233472   --sha-r-   c:\windows\system32\eapsvc9.dll
2011-06-14 20:00 . 2011-06-14 20:00   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 11:23 . 2011-05-09 20:46   6962000   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{616A6250-9E47-4E3D-B1E7-999F6A72254A}\mpengine.dll
2011-06-09 15:24 . 2011-06-16 15:27   --------   d-----w-   c:\documents and settings\Guest
2011-06-07 23:47 . 2011-06-07 23:47   --------   d-----w-   c:\program files\Common Files\xing shared
2011-06-06 17:55 . 2011-06-06 17:55   183696   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 23:46 . 2003-02-21 11:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-05-29 14:11 . 2011-04-04 16:32   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-04-04 16:31   22712   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-01-25 20:50   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-05-09 20:46 . 2010-01-27 19:21   6962000   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-13 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-07-31 283792]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-07 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\documents and settings\Stephanie Turner\Start Menu\Programs\Startup\
ScaleGrd.exe [2005-2-9 143360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2009-8-12 6144]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/17/2011 9:02 PM 16024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/17/2011 9:02 PM 220824]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/28/2007 1:53 PM 36224]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl569355b0;MpKsl569355b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DF35C41-A39C-48DE-B88D-D1057B647393}\MpKsl569355b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DF35C41-A39C-48DE-B88D-D1057B647393}\MpKsl569355b0.sys [?]
S1 MpKslb50d6339;MpKslb50d6339;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A768BDEC-EED7-4FE0-B373-B2F2AB5861C9}\MpKslb50d6339.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A768BDEC-EED7-4FE0-B373-B2F2AB5861C9}\MpKslb50d6339.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:08 AM 135664]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [11/28/2007 5:27 PM 22136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:08 AM 135664]
S3 PortEmulatorTSP650;Port Emulator (TSP650);c:\program files\StarMicronics\TSP650\Software\VirtualPortEmulator\Software\VSPEU\portemu_umdf.exe [6/25/2007 4:45 PM 114688]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 12:36]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:08]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:08]
.
2011-06-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-115176313-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-115176313-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://vpn.aventinerei.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.aventineenergy.com/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 21:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-115176313-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence"="01E3C32-838A-CCE5-C956-1A1C"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-17  21:33:11
ComboFix-quarantined-files.txt  2011-06-18 02:33
.
Pre-Run: 237,460,373,504 bytes free
Post-Run: 238,601,662,464 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D4699BF22D574D3059802409131D756C

Online Corrine

Re: My Security Shield Virus
« Reply #17 on: June 18, 2011, 06:36:15 PM »
Hi, sjt2900.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
Folder::
c:\program files\java

File::
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\system32\javaws.exe

DDS::
mRun: [SunJavaUpdateSched]
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Offline sjt2900

Re: My Security Shield Virus
« Reply #18 on: June 18, 2011, 10:28:44 PM »
ComboFix 11-06-17.04 - Stephanie Turner 06/18/2011  17:12:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -5:00]
Running from: c:\documents and settings\Stephanie Turner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stephanie Turner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\java.exe"
"c:\windows\system32\javaw.exe"
"c:\windows\system32\javaws.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\java
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JavaQuickStarterService
-------\Service_JavaQuickStarterService
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-18 to 2011-06-18  )))))))))))))))))))))))))))))))
.
.
2011-06-16 21:01 . 2011-06-16 21:01   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-06-16 20:49 . 2011-06-16 20:56   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-06-16 20:49 . 2011-06-16 20:56   --------   d-----w-   c:\program files\QuickTime
2011-06-16 20:47 . 2011-06-16 20:47   --------   d-----w-   c:\program files\Apple Software Update
2011-06-16 18:03 . 2011-06-16 18:03   --------   d-----w-   c:\documents and settings\Stephanie Turner\Local Settings\Application Data\Secunia PSI
2011-06-16 18:03 . 2011-06-16 18:03   --------   d-----w-   c:\program files\Secunia
2011-06-16 15:26 . 2011-06-16 15:26   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-06-16 11:04 . 2011-06-16 11:04   233472   --sha-r-   c:\windows\system32\eapsvc9.dll
2011-06-14 20:00 . 2011-06-14 20:00   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 11:23 . 2011-05-09 20:46   6962000   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{616A6250-9E47-4E3D-B1E7-999F6A72254A}\mpengine.dll
2011-06-09 15:24 . 2011-06-16 15:27   --------   d-----w-   c:\documents and settings\Guest
2011-06-07 23:47 . 2011-06-07 23:47   --------   d-----w-   c:\program files\Common Files\xing shared
2011-06-06 17:55 . 2011-06-06 17:55   183696   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 23:46 . 2003-02-21 11:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-05-29 14:11 . 2011-04-04 16:32   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-04-04 16:31   22712   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-01-25 20:50   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-05-09 20:46 . 2010-01-27 19:21   6962000   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-13 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-07-31 283792]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-07 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\documents and settings\Stephanie Turner\Start Menu\Programs\Startup\
ScaleGrd.exe [2005-2-9 143360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2009-8-12 6144]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/17/2011 9:02 PM 16024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/17/2011 9:02 PM 220824]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/28/2007 1:53 PM 36224]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl569355b0;MpKsl569355b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DF35C41-A39C-48DE-B88D-D1057B647393}\MpKsl569355b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DF35C41-A39C-48DE-B88D-D1057B647393}\MpKsl569355b0.sys [?]
S1 MpKslb50d6339;MpKslb50d6339;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A768BDEC-EED7-4FE0-B373-B2F2AB5861C9}\MpKslb50d6339.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A768BDEC-EED7-4FE0-B373-B2F2AB5861C9}\MpKslb50d6339.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:08 AM 135664]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [11/28/2007 5:27 PM 22136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:08 AM 135664]
S3 PortEmulatorTSP650;Port Emulator (TSP650);c:\program files\StarMicronics\TSP650\Software\VirtualPortEmulator\Software\VSPEU\portemu_umdf.exe [6/25/2007 4:45 PM 114688]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 12:36]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:08]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:08]
.
2011-06-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-115176313-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-115176313-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://vpn.aventinerei.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.aventineenergy.com/CACHE/stc/1/binaries/vpnweb.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 17:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-115176313-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence"="01E3C32-838A-CCE5-C956-1A1C"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\wdmaud.drv
.
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\SSL VPN Client\agent.exe
c:\windows\System32\wudfhost.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Stephanie Turner\Start Menu\Programs\Startup\ScaleGrd.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-06-18  17:23:38 - machine was rebooted
ComboFix-quarantined-files.txt  2011-06-18 22:23
ComboFix2.txt  2011-06-18 02:33
.
Pre-Run: 238,601,519,104 bytes free
Post-Run: 238,502,481,920 bytes free
.
- - End Of File - - 500BAA0083D088310FF903DC8801A17B

Online Corrine

Re: My Security Shield Virus
« Reply #19 on: June 18, 2011, 11:53:48 PM »
Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.




Please also see if you can install Java SE Runtime Environment 6u26.  

Offline sjt2900

Re: My Security Shield Virus
« Reply #20 on: June 19, 2011, 01:09:51 AM »
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=dddd538bf4087c43bc09ddd88112f739
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-19 12:53:21
# local_time=2011-06-18 07:53:21 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776549 42 87 0 19543808 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=48778
# found=10
# cleaned=0
# scan_time=2255
C:\Documents and Settings\Stephanie Turner\Application Data\Sun\Java\Deployment\cache\6.0\1\3ce10341-10a53e0c   multiple threats (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\Stephanie Turner\Local Settings\Application Data\gcquvbfteq.exe.vir   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\Stephanie Turner\Local Settings\Application Data\mvmvyvwlxh.exe.vir   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\Stephanie Turner\Local Settings\Application Data\nyswrvlatj.exe.vir   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\Stephanie Turner\Local Settings\Application Data\rnicmpsj.exe.vir   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E9DF651-9487-4CE6-940E-FF6E61692305}\RP2\A0001043.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E9DF651-9487-4CE6-940E-FF6E61692305}\RP8\A0001607.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E9DF651-9487-4CE6-940E-FF6E61692305}\RP8\A0001608.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E9DF651-9487-4CE6-940E-FF6E61692305}\RP8\A0001609.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E9DF651-9487-4CE6-940E-FF6E61692305}\RP8\A0001610.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I

Online Corrine

Re: My Security Shield Virus
« Reply #21 on: June 19, 2011, 01:40:52 AM »
Excellent, sjt2900.

The only thing you need to take care of is the Java Cache.  The other items will be taken care of with the uninstall of ComboFix.

The instructions are here for clearing the Java cache:  How do I clear the Java cache?.  However, if you haven't attempted Java yet, I suggest deleting the Sun folder located at C:\Documents and Settings\Stephanie Turner\Application Data\Sun.  It will be recreated when Java is installed.

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


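Added example (not part of the original posts, and not ESET or ComboFix code): a small triage of an ESET Online Scanner log.txt that sorts detections the way Reply #21 reasons about them, separating ComboFix quarantine copies and System Restore copies from files still sitting in a live location. The sample log is constructed, and the function and bucket names are this example's own.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log.txt posted
# above (made-up file names, user name and GUID; not the poster's data).
SAMPLE_LOG = r"""# version=7
# found=4
# cleaned=0
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\1\00000000-00000000   multiple threats (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\sample1.exe.vir   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000001.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP8\A0000002.exe   a variant of Win32/Kryptik.PER trojan (unable to clean)   00000000000000000000000000000000   I
"""

SEP = r"(?:\t| {2,})\s*"  # fields are split by a tab or a run of spaces
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)" + SEP + r"(?P<threat>.+?)" + SEP
    + r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)

def parse_log(text):
    """Split the log into '# key=value' header fields and detection rows."""
    header, hits = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif (m := DETECTION.match(line)):
            hits.append(m.groupdict())
    return header, hits

def classify(path):
    """Bucket names are this example's own labels, not ESET terminology."""
    p = path.lower()
    if re.match(r"[a-z]:\\qoobox\\quarantine\\", p):
        return "quarantine"      # copy held in the ComboFix quarantine folder
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # copy held inside a System Restore point
    return "live"                # anywhere else: still needs manual cleanup

def triage(text):
    """Return (header, buckets, complete); complete means every row parsed."""
    header, hits = parse_log(text)
    buckets = {"live": [], "quarantine": [], "restore_point": []}
    for hit in hits:
        buckets[classify(hit["path"])].append(hit)
    return header, buckets, int(header.get("found", -1)) == len(hits)
```

The `complete` flag compares the header's `found` count with the number of rows parsed, so a changed log layout shows up as a mismatch instead of silently dropping detections.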

Offline sjt2900

Re: My Security Shield Virus
« Reply #22 on: June 19, 2011, 07:28:44 PM »
I deleted the Sun folder. Uninstalled ComboFix. Tried to install Java and got the internal error 2753.regutils.dll again.

Online Corrine

Re: My Security Shield Virus
« Reply #23 on: June 19, 2011, 09:44:47 PM »
I'll do some more research on that error.  There was a registry edit that was given at one of the sites, but it was stated that it was not always needed.  I was hoping it would work without the regedit.

Online Corrine

Re: My Security Shield Virus
« Reply #24 on: June 19, 2011, 11:06:58 PM »
I found a batch file at another security forum, WhatTheTech.  It was created by a member of the TechTeam and has been successfully used for the past year.  I'm hoping it will solve your problem.

Although the tool will first create a restore point and you have a new restore point created with the uninstall of ComboFix, it wouldn't hurt to create a manual restore point prior to proceeding.

Quote
Instructions: Download the executable and run it. Accept the disclaimer agreement and use the "Click To Fix" button to fix this Java problem. This program will first attempt to make a restore point before making any changes to your system. If it is unsuccessful it will warn you of such.

Download link:  JavaMSIFix.exe

Download the file to your desktop.  After running the tool, download the latest version of Java.  It is recommended that you use the offline installer:  http://java.com/en/download/manual.jsp

You can delete the JavaMSIFix.exe file after using it.

Fingers Crossed. :)

Offline sjt2900

Re: My Security Shield Virus
« Reply #25 on: June 20, 2011, 01:28:55 AM »
I just received a message saying, "You've successfully installed Java!" I think we did it!!!  Or, you did it, but I'm very grateful. Thanks so much for the help! Now I delete JavaMSIFix.exe. Right?  And about the firewall, those you suggested are better than the Windows firewall? I tried ZoneAlarm at one time and it made me crazy with all the questions that I just didn't know the answers to.

Online Corrine

Re: My Security Shield Virus
« Reply #26 on: June 20, 2011, 02:30:48 AM »
Yippee!!!  :dance:   I'm so glad that worked.  Yes, you can delete the file now.

Generally, on Windows XP a software firewall is recommended.  They will, however, ask questions about permissions. The Windows Vista and Windows 7 firewalls are very good though.

Are you behind a router?

Offline sjt2900

Re: My Security Shield Virus
« Reply #27 on: June 20, 2011, 03:52:53 PM »
 Yes, I am.