Redirected searches (yeah, again)

Inactive
By mikelorus
Feb 6, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    All clean here...

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  2. mikelorus

    mikelorus Newcomer, in training Topic Starter Posts: 41

    Uhhh once again, when I try to post the copy+pastes of the two files, it keeps saying my connection is interrupted >.>

    Hope this is still okay.

    Attached Files:

  3. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O33 - MountPoints2\D\Shell - "" = AutoRun
      O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- [2005/10/15 02:42:09 | 000,253,952 | R--- | M] (Firaxis Games)
      O33 - MountPoints2\E\Shell - "" = AutoRun
      O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 000,025,600 | R--- | M] ()
      [2010/06/10 17:36:09 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2010/05/29 22:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\GooredFix Backups
      [2010/05/29 20:42:28 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Michael\Desktop\GooredFix.exe
      [2010/05/25 15:41:28 | 000,000,000 | ---D | C] -- C:\_OTM
      [2010/06/08 15:37:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\dyfuftoq.exe
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "2869:TCP" =-
      "139:TCP" =-
      "445:TCP" =-
      "137:UDP" =-
      "138:UDP" =-
      "1900:UDP" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
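The file entries in the fix script above follow a fixed layout, so a log like this can be triaged mechanically. The following is an added example, not part of the original post and not code from OTL or its author; it assumes, from the lines shown on this page only, that the bracketed fields are timestamp, size, attributes and a C/M flag, and that the parentheses hold the file's company name. Flagging executables with an empty company field is a review heuristic, not a verdict.

```python
import re
from datetime import datetime

# Sample lines copied from the fix script in the post above.
SAMPLE = r'''
[2010/06/10 17:36:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/29 20:42:28 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Michael\Desktop\GooredFix.exe
[2010/06/08 15:37:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\dyfuftoq.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 000,025,600 | R--- | M] ()
'''

# Assumed field layout: [timestamp | size | attributes | C or M] (company)
META = (r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+)"
        r" \| (?P<attrs>[A-Z-]+) \| (?P<kind>[CM])\]")
COMPANY = r"(?: \((?P<company>[^)]*)\))?"   # absent on directory entries
FILE_LINE = re.compile("^" + META + COMPANY + r" -- (?P<path>.+)$")
O33_LINE = re.compile(r'^O33 - (?P<key>.+?) - "" = (?P<path>.+?) -- '
                      + META + COMPANY + "$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def parse_line(line):
    """Return a dict for a file or O33 autorun entry, or None for other lines."""
    line = line.strip()
    m = FILE_LINE.match(line) or O33_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "path": d["path"],
        "when": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "is_dir": "D" in d["attrs"],
        "company": d["company"],        # None = field absent, "" = empty "()"
        "autorun_key": d.get("key"),    # set only for O33 entries
    }


def needs_review(entry):
    """Heuristic: an executable file whose company field is present but empty."""
    return (not entry["is_dir"]
            and entry["path"].lower().endswith(EXEC_EXT)
            and entry["company"] == "")


def triage(text):
    """Paths of all parsed entries that match the heuristic, in log order."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return [e["path"] for e in entries if needs_review(e)]


if __name__ == "__main__":
    for path in triage(SAMPLE):
        print("review:", path)
```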
  4. mikelorus

    mikelorus Newcomer, in training Topic Starter Posts: 41

    First is the log from the changes, second is the pure scan. But you probably already know that >.<

    Attached Files:

  5. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    How are pop-ups?
  6. mikelorus

    mikelorus Newcomer, in training Topic Starter Posts: 41

    Just got one, also had to restart my computer a couple of times to get the internet to work =\
  7. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Those pop-ups still happen in Firefox only?
  8. mikelorus

    mikelorus Newcomer, in training Topic Starter Posts: 41

    It seems like it, although I don't really use any other browser enough to know 100%. I reinstalled Firefox twice already before >.>
  9. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    This has been a tremendously long thread. We ran countless scans and they all came up clean.
    I see no single reason for pop-ups.

    I suggest this...
    Back up whatever you want from Firefox, like bookmarks.
    Remove Firefox completely, following this: http://kb.mozillazine.org/Uninstalling_Firefox?
    I mean completely. All steps listed there.
    Install fresh copy.
    Do NOT use any of your backups yet.
    With a totally clean Firefox copy, see if you get pop-ups.
  10. mikelorus

    mikelorus Newcomer, in training Topic Starter Posts: 41

    That didn't work, but I had my computer completely wiped so there isn't a problem anymore.
  11. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Oh, thanks for letting me know :)
     