Browser redirects on Google searches! Argh!


  • This topic is locked
10 replies to this topic

#1 jca2010

jca2010

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 02 January 2011 - 12:40 AM

Hi guys,

I was beginning to lose hope when I stumbled upon this forum. Very impressed with the dedication all the helpers here show to fixing problems many of us seem to have. Thanks to all of you for the tireless work you do here.

I have the typical redirect problem a lot of people here have. I search for a term in Google, click on a result, and end up on some random site.

Ran Adaware and a couple of other reputable malware tools, but all to no avail.

One admission: I got ahead of myself and read some of the help threads for people with similar (identical) sounding problems. Ended up running Combofix before realizing I shouldn't do that without the direction of a helper. The computer seems to boot much slower now, unfortunately. Hopefully that didn't mess things up too badly.

So, in any case, I've now started following the guide for initiating topics. Complete through Step 7 (DDS log pasted below), but unable to complete Step 8 to create a GMER log due to the whole PC freezing while running the scan (mouse is responsive, but can only cycle power to recover). Looking at some other forum posts about not being able to run GMER I've tried further unchecking Devices - same freezing problem. Then tried unchecking all options except Sections. Same freeze. Humbug.

Anyway, sorry again for jumping the gun to get started before posting. I should have read the instructions more carefully... and first.

Cheers


DDS (Ver_10-12-12.02) - NTFSx86
Run by jallport at 0:43:56.64 on Wed 12/29/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1395 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
C:\Program Files\Quanser\QuaRC\quanser_license_manager.exe
C:\Program Files\Quanser\QuaRC\quarc_target_manager.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Quanser\QuaRC\quarc_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\JALLPORT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\RealVNC\vncviewer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Documents and Settings\JALLPORT\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet.mdrobotics.ca/
uInternet Connection Wizard,ShellNext = https://wms/certsrv
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\jallport\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuarcTray] "c:\program files\quanser\quarc\quarc_tray.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0990 -f video -m logitech -d 11.80.1048.0
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: mdaportal.com\citrix
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://www.weeklytime.com/WFC/plugins/j2re-1_3_1_02-win.exe
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LCredMgr - c:\program files\novell\casa\bin\lcredmgr.dll
Notify: nzrNotifier - nzrNotifier.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ZENworks Adaptive Agent: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\bin\NalShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jallport\applic~1\mozilla\firefox\profiles\d3ed44ut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\jallport\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jallport\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\jallport\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\righth~1\deepvi~1\npDeepView.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Fox To Phone: sendtophone@martinezdelizarrondo.com - %profile%\extensions\sendtophone@martinezdelizarrondo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-28 64288]
R0 NifFltr;NifFltr;c:\windows\system32\drivers\niffltr.sys [2008-1-28 25300]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-10-18 58464]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-7-29 86552]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-10-18 103744]
R2 Quanser License Manager;Quanser License Manager;c:\program files\quanser\quarc\quanser_license_manager.exe [2008-8-19 409600]
R2 QuaRC Target Manager;QuaRC Target Manager;c:\program files\quanser\quarc\quarc_target_manager.exe [2008-8-19 430080]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [2004-5-17 10374]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2008-9-17 9176]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-12 31896]
S2 gupdate1c8ec2fb27fc7ab;Google Update Service (gupdate1c8ec2fb27fc7ab);c:\program files\google\update\GoogleUpdate.exe [2008-7-22 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S3 AgDataUpdateSvc9;AGI Data Update Service for STK 9;c:\program files\agi\stk 9\bin\AgDataUpdateSvc9.exe [2010-5-7 54728]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-10-18 114624]
S3 Novell Identity Store;Novell Identity Store;c:\program files\novell\casa\bin\micasad.exe [2008-1-3 241664]
S3 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\novell\zenworks\bin\ZenworksWindowsService.exe [2008-5-15 24576]
S3 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\novell\zenworks\bin\nzrWinVNC.exe [2008-5-9 2113536]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-7-29 24876]
S3 sershare;ELTIMA Shared Serial Ports Driver;c:\windows\system32\drivers\sershare.sys [2009-10-10 49664]
S3 sharebus;Shared Serial Ports Bus Enumerator;c:\windows\system32\drivers\sharebus.sys [2009-10-10 23296]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2008-9-17 163840]
S3 ZENRemDistServ;ZENworks Remote Distribution;c:\windows\system32\ZDPAServ.exe [2008-9-17 69632]
S4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2005-8-22 221191]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2005-8-22 29184]
S4 Vmover.exe;Quest Resource Updating Agent;c:\windows\system32\Vmover.exe [2009-6-18 987136]

=============== Created Last 30 ================

2010-12-29 04:13:37 98816 ----a-w- c:\windows\sed.exe
2010-12-29 04:13:37 89088 ----a-w- c:\windows\MBR.exe
2010-12-29 04:13:37 256512 ----a-w- c:\windows\PEV.exe
2010-12-29 04:13:37 161792 ----a-w- c:\windows\SWREG.exe
2010-12-29 04:04:57 -------- d-----w- c:\docume~1\jallport\applic~1\2yqzjwobzllrctoiraammrhdgc1ewhy2
2010-12-29 03:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-28 17:19:14 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-28 17:19:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-28 17:06:56 -------- d-----w- c:\docume~1\jallport\locals~1\applic~1\Sunbelt Software
2010-12-28 16:37:33 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-28 16:37:19 -------- d-----w- c:\program files\Lavasoft
2010-12-28 16:16:28 -------- d-----w- c:\program files\Glary Utilities
2010-12-05 17:31:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-05 17:31:14 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-04 00:41:19 -------- d-----w- c:\docume~1\jallport\locals~1\applic~1\HandBrake
2010-12-04 00:41:14 -------- d-----w- c:\docume~1\jallport\applic~1\HandBrake
2010-12-04 00:41:10 -------- d-----w- c:\program files\Handbrake
2010-12-01 18:26:50 -------- d-----w- c:\program files\MKS
2010-12-01 18:09:14 -------- d-----w- C:\SP
2010-12-01 17:56:11 -------- d-----w- c:\program files\Snapshot Viewer
2010-12-01 17:54:46 -------- d-----w- C:\ART2KMin Setup

==================== Find3M ====================

2008-01-03 19:37:28 114688 ----a-w- c:\program files\ad_ff.dll

============= FINISH: 0:44:15.32 ===============


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:04 AM

Posted 02 January 2011 - 10:08 AM

Hello jca2010,

Can I please see the ComboFix report? :)

Thank you,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 jca2010

Posted 02 January 2011 - 11:14 AM

Hi Teacup, thanks for the quick reply.

Sure thing!

ComboFix.txt attached..

Also, Combofix-quarantined-files.txt attached... seems ComboFix did find something.


#4 teacup61

Posted 02 January 2011 - 11:17 AM

Hello,

You're welcome, and thanks. :)

Update to SP3 and that will take care of the infected winlogon.exe. Afterward, please have a run with ComboFix and post the report. :)

Thanks,
tea

#5 jca2010

Posted 02 January 2011 - 06:02 PM

Okay, SP3 is installed, and I just ran ComboFix again. Log attached.

One note: during the autoscan an error popped up for PEV.exe saying: "The exception unknown software exception (0x40000015) occurred in the application at location 0x0044c2f9."

Cheers


#6 teacup61

Posted 02 January 2011 - 06:18 PM

Hello,

That looks really good. How is it running now please? :)

#7 jca2010

Posted 02 January 2011 - 06:58 PM

Hey, seems to be working! I Google search for Malware, and hit the Wikipedia link and it actually goes to Wikipedia. Previously it went to some site trying to sell me malware removal software.

Thanks a ton for your rapid fire replies! Can you tell me what the problem was previously? Was it the SP3 fix or did ComboFix get rid of it?

Cheers

#8 teacup61

Posted 02 January 2011 - 07:10 PM

Ho there,

You're so welcome. :)

Glad it's better. :thumbup2: It was actually a combination.....ComboFix did what it could, but updating to SP3 did the final trick, in this case. :) If you had had SP3 already installed, then ComboFix would have been able to fix it all by itself.

Uninstall ComboFix by doing the following :

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Those old versions also take up a ton of space! Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

If you have any questions or concerns, please feel free to ask. Otherwise......

Take care,
tea
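
The clean-up steps above ask for every older Java entry to be removed. As an added example (not part of teacup61's reply and not a BleepingComputer or DDS tool), this Python script reads the `BrowserJavaVersion` field and the `DPF:` lines from the DDS log in post #1 and lists each Java version below 6u23. Treating DPF download records as hints for what to look for in Add/Remove Programs is an assumption, and all function names are hypothetical.

```python
import re

# Lines copied from the DDS log in post #1 (header line plus the DPF section).
DDS_EXCERPT = r"""
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://www.weeklytime.com/WFC/plugins/j2re-1_3_1_02-win.exe
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
"""

# Target release named in the reply above: JRE 6 Update 23.
TARGET = (1, 6, 0, 23)

DPF_RE = re.compile(r"^DPF:\s+(.+?)\s+-\s+(\S+)\s*$", re.MULTILINE)
# The installer file names in the log carry the version: jinstall-1_6_0_22-, j2re-1_3_1_02-
JAVA_FILE_RE = re.compile(r"(?:jinstall|j2re)-(\d+)_(\d+)_(\d+)(?:_(\d+))?-")
BROWSER_RE = re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def _as_tuple(match):
    """Turn regex groups into (major, minor, micro, update); no update means 0."""
    return tuple(int(g) if g else 0 for g in match.groups())

def parse_dpf(text):
    """Return (name_or_clsid, source_url) for every DPF line in a DDS log."""
    return DPF_RE.findall(text)

def browser_java_version(text):
    """Version DDS reports for the browser plug-in, or None if the field is absent."""
    m = BROWSER_RE.search(text)
    return _as_tuple(m) if m else None

def java_versions(text):
    """Sorted, de-duplicated Java versions referenced by DPF download URLs."""
    found = set()
    for _name, url in parse_dpf(text):
        m = JAVA_FILE_RE.search(url)
        if m:  # non-Java entries (Flash, XML parser, fwlink) are skipped
            found.add(_as_tuple(m))
    return sorted(found)

def fmt(v):
    """Format (1, 6, 0, 22) as 1.6.0_22 and (1, 3, 1, 0) as 1.3.1."""
    base = "{}.{}.{}".format(*v[:3])
    return base + ("_{:02d}".format(v[3]) if v[3] else "")

def outdated(text, target=TARGET):
    """Every Java version seen in the log that is older than the target release."""
    seen = set(java_versions(text))
    browser = browser_java_version(text)
    if browser:
        seen.add(browser)
    return [fmt(v) for v in sorted(seen) if v < target]

if __name__ == "__main__":
    for version in outdated(DDS_EXCERPT):
        print("older than 6u23:", version)
```
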

#9 jca2010

Posted 02 January 2011 - 07:30 PM

Cool, thanks again for your help!

ComboFix uninstalled. Can't muck with my Java versions unfortunately.

Tossed you a fiver via Paypal.

For the road, is it possible to tell where I picked the virus (or whatever) up? Just don't want to make the same mistake again.

Cheers!

#10 teacup61

Posted 02 January 2011 - 07:47 PM

Hello,

You're welcome, and thank you. :inlove:

No.......Not often we can pinpoint these type infections to any certain thing. They can come from clicking a link, opening a bad e-mail, downloading cracks and such, or just visiting a website that's been infected.

Take care!
tea

#11 teacup61

Posted 10 January 2011 - 12:36 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.