Solved Google Redirect in Firefox and IE Virus

Discussion in 'Malware and Virus Removal Archive' started by fastirwin, 2011/01/05.

  1. 2011/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I strongly suggest you dump Adobe and switch to FoxIt.

    Download, and install Quick Startup: http://www.glarysoft.com/qs.html
    Go File>Export, save report, and paste it into your next post.
     
  2. 2011/01/11
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    Yes, I'm trying to dump Adobe, but it gives me a fatal error every time I try to uninstall it via Add/Remove Programs. Any suggestions on how to get around this to uninstall Adobe Reader?
     

  4. 2011/01/11
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    Startup List report created on 1/11/2011 by Startup Manager


    Name: NvCplDaemon
    Path: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: nwiz
    Path: "C:\WINDOWS\system32\nwiz.exe" /install
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: NvMediaCenter
    Path: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: 36X Raid Configurer
    Path: "C:\WINDOWS\System32\xRaidSetup.exe" boot
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: EPSON Stylus Photo R220 Series
    Path: "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220 "
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: NeroFilterCheck
    Path: "C:\WINDOWS\system32\NeroCheck.exe "
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Adobe ARM
    Path: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: QuickTime Task
    Path: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: avast5
    Path: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: AvgUninstallURL
    Path: cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA "& "inst=NwA3AC0AMwA5ADAAMAAxADgANQAyADIALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAA "& "prod=90 "& "ver=9.0.872
    Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: ctfmon.exe
    Path: C:\WINDOWS\system32\ctfmon.exe
    Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Status: Enabled
    ------------------------------------------------------------------------------------------

    Name: Adobe Gamma Loader
    Path: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Status: Enabled
    ------------------------------------------------------------------------------------------
    Total 12 Items
     
  5. 2011/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hmm...I don't see jusched.exe running.
    When are you getting the above error?

    Regarding Adobe Reader.
    Re-run "Quick Startup" and UN-check:
    - Adobe ARM
    - Adobe Gamma Loader
    Restart computer and try to uninstall Adobe Reader again.
    If it still doesn't work, try the free version of Revo Uninstaller: http://www.revouninstaller.com/revo_uninstaller_free_download.html
     
  6. 2011/01/11
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    Didn't get the error at start-up this time. Tried your first suggestion, but still getting same error when I try to uninstall Adobe Reader.

    Tried Revo, but all that does is run the Adobe uninstaller and I end up getting the same error again. Afterwards it gives you options to scan for leftover components, and it finds like 1000+ registry entries and asks me to confirm if they are associated with Adobe to uninstall. I didn't do that because I wasn't sure.

    Here's the error I've been getting when trying to uninstall:

    Error 1402 could not open key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpticalComponents\MSFS

    Verify that you have sufficient access to that key, or contact support personnel.
     
  7. 2011/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like a permission issue.
    Go Start>Run, type in:
    regedit
    Click OK.

    Navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpticalComponents\MSFS

    Right click on MSFS, click "Permissions" and make sure you have full control of that key.
    Restart computer.
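
The permission check described in the post above can also be read from PowerShell instead of the regedit dialog. This is an added example, not part of the original thread; the function name `Get-KeyAccessForCurrentUser` is hypothetical, and the key path is the one quoted in the Error 1402 message.

```powershell
# Added example, not from the thread. Key path copied from the Error 1402 text.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpticalComponents\MSFS'

function Get-KeyAccessForCurrentUser {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # Missing key, or the token cannot even read the ACL: report, don't guess.
        return [pscustomobject]@{ Path = $Path; Readable = $false
                                  Error = $_.Exception.Message }
    }

    # SIDs carried by the current token: the user plus its enabled groups.
    $id   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    $full        = [int][Security.AccessControl.RegistryRights]::FullControl
    $inheritOnly = [int][Security.AccessControl.PropagationFlags]::InheritOnly

    # Explicit and inherited ACEs that apply to this key (inherit-only ACEs
    # affect subkeys only) and name one of the token's SIDs.
    $rules = @($acl.GetAccessRules($true, $true,
                 [Security.Principal.SecurityIdentifier]) |
        Where-Object {
            ($sids -contains $_.IdentityReference.Value) -and
            (([int]$_.PropagationFlags -band $inheritOnly) -eq 0)
        })

    $allowFull = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights -band $full) -eq $full) })
    $deny = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })

    # ACE-level view only; Deny entries can still override an Allow.
    [pscustomobject]@{
        Path             = $Path
        Readable         = $true
        Owner            = $acl.Owner
        FullControlAllow = ($allowFull.Count -gt 0)
        DenyEntries      = $deny.Count
        MatchingRules    = $rules | Select-Object IdentityReference,
                               AccessControlType, RegistryRights, IsInherited
    }
}

Get-KeyAccessForCurrentUser -Path $KeyPath | Format-List
```

Run it under the same account that launches the uninstaller; a result with `Readable = $false`, `FullControlAllow = $false` or a non-zero `DenyEntries` matches the "could not open key" symptom.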
     
  8. 2011/01/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  9. 2011/01/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The issue seems to be resolved.
     
  10. 2011/01/18
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    I haven't had time to do the lengthy steps Adobe suggests for removal of Reader, but the virus is gone! Thanks very much for your help.
     
  11. 2011/01/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
