Inactive Redirected searches (yeah, again)

[Broni]

All clean here...

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

===============================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
userinit.exe
explorer.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[mikelorus]

Uhhh once again, when I try to post the copy+pastes of the two files, it keeps saying my connection is interrupted >.>

Hope this is still okay.

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O33 - MountPoints2\D\Shell - "" = AutoRun
  O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- [2005/10/15 02:42:09 | 000,253,952 | R--- | M] (Firaxis Games)
  O33 - MountPoints2\E\Shell - "" = AutoRun
  O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 000,025,600 | R--- | M] ()
  [2010/06/10 17:36:09 | 000,000,000 | --SD | C] -- C:\ComboFix
  [2010/05/29 22:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\GooredFix Backups
  [2010/05/29 20:42:28 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Michael\Desktop\GooredFix.exe
  [2010/05/25 15:41:28 | 000,000,000 | ---D | C] -- C:\_OTM
  [2010/06/08 15:37:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\dyfuftoq.exe
  
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
  "DisableMonitoring" =-
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
  "DisableMonitoring" =-
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
  "2869:TCP" =-
  "139:TCP" =-
  "445:TCP" =-
  "137:UDP" =-
  "138:UDP" =-
  "1900:UDP" =-
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

[mikelorus]

First is the long from the changes, second is the pure scan. But you probably already know that >.<

 

[Broni]

How are pop-ups?

 

[mikelorus]

Just got one, also had to restart my computer a couple of times to get the internet to work =\

 

[Broni]

Those pop-ups still happen in Firefox only?

 

[mikelorus]

It seems like it, although I don't really use any other browser enough to know 100%. I reinstalled firefox twice already before >.>

 

[Broni]

This has been tremendously long thread. We ran countless scans and they all come up clean.
I see no single reason for pop-ups.

I suggest this...
Back up whatever you want from Firefox, like bookmarks.
Remove Firefox completely, following this: http://kb.mozillazine.org/Uninstalling_Firefox?
I mean completely. All steps listed there.
Install fresh copy.
Do NOT use any of you backups yet.
With totally clean Firefox copy, see, if you'll get pop-ups.

 

[mikelorus]

That didn't work, but I had my computer completely wiped so I there isn't a problem anymore.

 

[Broni]

Oh, thanks for letting me know