infectedturtle Posted May 11, 2012 Author ID:550507

All processes killed
========== OTL ==========
C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u moved successfully.
ADS C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd deleted successfully.
ADS C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Lucas
->Java cache emptied: 1494674 bytes
User: Public
Total Java Files Cleaned = 1.00 mb

[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Lucas
->Temp folder emptied: 56861689 bytes
->Temporary Internet Files folder emptied: 62597174 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 326331337 bytes
->Google Chrome cache emptied: 314060122 bytes
->Flash cache emptied: 59054 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56659301 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 779.00 mb

OTL by OldTimer - Version 3.2.42.3 log created on 05102012_203231

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
MrCharlie Posted May 11, 2012 ID:550548

Is there any difference??
Are you using a router??
---------------------------------------
Please do this:

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll
C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
-------------------------------
Reboot and .......
Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC
infectedturtle Posted May 11, 2012 Author ID:550604

Hello, there is no difference, I am still getting the redirects. Yes I am behind a router, no open ports DD-WRT. Do I need to worry about my passwords? I am considering just wiping the drive and starting over, but I wish I didn't have to. I will run your suggestions and report back.
infectedturtle Posted May 11, 2012 Author ID:550614

========== FILES ==========
File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll not found.
File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll not found.

OTL by OldTimer - Version 3.2.42.3 log created on 05112012_101642
infectedturtle Posted May 11, 2012 Author ID:550615

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: DEATHWING [administrator]

5/11/2012 10:17:54 AM
mbam-log-2012-05-11 (10-17-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203021
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MrCharlie Posted May 12, 2012 ID:550775

Let's reset the router:
Shut down the computer and reset the router:
http://www.online-te...fault-settings/
There should be a reset button that you push or hole that you stick a pin to reset the router (usually 10 seconds)
It's usually located on the back of the router, check your owner's manual.
If you can't find one, just disconnect the power from the router for about a minute, then reconnect it, let it reset then turn the computer back on and see how it is.
------------------------------------
Then download, unzip and run flush.bat:
http://forums.malwar...attach_id=77835

Let me know, MrC
infectedturtle Posted May 13, 2012 Author ID:551212

I am afraid there isn't anything wrong with the Router. None of the other computers in the house have the same symptoms. This isn't a DNS thing because if you try to go to the link again, it will work correctly. It is only the first attempt which redirects. My HOSTS file is also healthy.
MrCharlie Posted May 14, 2012 ID:551319

But did you do the two things I asked you to?

Run IE without any add-ons, see if there's any difference:
http://news.softpedi...ns-161394.shtml

MrC
infectedturtle Posted May 15, 2012 Author ID:551548

I went ahead and didn't hard reset my router because I do not want to re-setup all of the intricate things I've done (DD-WRT). I also inspected the .bat file because I do not run scripts without knowing what they do and I have already done the things it was slated to do. No effect.

Finally I deleted my user profiles for Chrome and Firefox and we will see if it keeps doing it. I don't ever run IE so that wouldn't have anything to do with the equation.
infectedturtle Posted May 17, 2012 Author ID:552270

Deleting the profiles from Firefox and Chrome and re-syncing from their servers ended up getting rid of the problem. Thanks for your help. Do you believe I should worry about the security of my passwords?
MrCharlie Posted May 17, 2012 ID:552278

Passwords.....I would certainly keep an eye on the accounts, at best change all the passwords.

A little cleanup to do.

Please Uninstall ComboFix:
Press the Windows logo key + R to bring up the "run box"
Copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point
---------------------------------
Run OTL and hit the CleanUp button. (This will clean up the tools and logs used including itself)
Any other programs or logs you can manually delete.
-------------------------------
You have out-of-date Java on the system, older versions are vulnerable to malware.
Go to your Control Panel's Add/Remove Programs and uninstall all the Java listed and then download and install the latest version Java™ 7 Update 4.
http://www.java.com/...load/manual.jsp <---latest version
http://www.java.com/...d/installed.jsp <---verify your Java
-----------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
LDTate Posted May 18, 2012 ID:552566

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.