google redirect virus still persisting

kpuvn:
I've used...

TrendMicro's OfficeScan Client (0 results)

Malwarebytes multiple times with several results most of the time (found Trojans among other things)

TDSSKiller (found 1 thing once, problem still persisted but Daemon Tools now gives me some sort of error message upon restarting...haven't tried using it so I don't know if it still works)

Hitman Pro (found several threats and tracers) until rescanning yielded 0 results

...and I still find my Google results redirecting me.  So far, I haven't found anything wrong while using Chrome so it's only Firefox that's being affected (I haven't tried using IE).

I just ran OTL and have attached the logs:

essexboy:
Hi, on completion of this run could you re-run OTL but ensure that all users is selected, please?

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following

--- Quote ---
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 84 64 93 18 5C BE B8 4E 96 DC 1D D3 6C E3 00 39 [binary data]
[2011/08/05 08:38:27 | 000,007,305 | -HS- | M] () -- C:\ProgramData\browcli32.dll
[2011/08/05 07:38:25 | 000,007,305 | -HS- | M] () -- C:\ProgramData\input32.dll
[2011/08/05 06:38:21 | 000,007,305 | -HS- | M] () -- C:\ProgramData\PortableDeviceWiaCompat32.dll
[2011/08/05 05:38:19 | 000,007,305 | -HS- | M] () -- C:\ProgramData\KBDMAORI32.dll
[2011/08/05 04:38:18 | 000,007,305 | -HS- | M] () -- C:\ProgramData\shwebsvc32.dll
[2011/08/05 02:38:02 | 000,007,305 | -HS- | M] () -- C:\ProgramData\KBDINPUN32.dll
[2011/08/05 01:37:30 | 000,007,305 | -HS- | M] () -- C:\ProgramData\NlsLexicons004632.dll
[2011/08/05 00:37:13 | 000,007,305 | -HS- | M] () -- C:\ProgramData\CtCamMgr32.dll
[2011/08/04 20:43:44 | 000,007,271 | -HS- | M] () -- C:\ProgramData\PhotoMetadataHandler32.dll
[2011/08/04 19:43:37 | 000,007,271 | -HS- | M] () -- C:\ProgramData\drt32.dll
[2011/08/04 16:01:27 | 000,007,203 | -HS- | M] () -- C:\ProgramData\NlsLexicons000332.dll
[2011/08/03 23:14:12 | 000,007,169 | -HS- | M] () -- C:\ProgramData\lsmproxy32.dll
[2011/08/03 22:13:56 | 000,007,169 | -HS- | M] () -- C:\ProgramData\DevicePairingFolder32.dll
[2011/08/03 20:15:38 | 000,007,169 | -HS- | M] () -- C:\ProgramData\clfsw3232.dll
[2011/08/03 18:15:37 | 000,007,169 | -HS- | M] () -- C:\ProgramData\rdpencom32.dll
[2011/08/03 17:15:37 | 000,007,169 | -HS- | M] () -- C:\ProgramData\msyuv32.dll
[2011/08/03 16:15:27 | 000,007,169 | -HS- | M] () -- C:\ProgramData\dciman3232.dll
[2011/08/03 15:15:24 | 000,007,169 | -HS- | M] () -- C:\ProgramData\StorageContextHandler32.dll
[2011/08/03 14:15:08 | 000,007,169 | -HS- | M] () -- C:\ProgramData\dimsjob32.dll
[2011/08/03 13:15:05 | 000,007,169 | -HS- | M] () -- C:\ProgramData\RstrtMgr32.dll
[2011/08/02 00:18:00 | 000,007,135 | -HS- | M] () -- C:\ProgramData\iaspolcy32.dll
[2011/08/01 21:31:52 | 000,007,135 | -HS- | M] () -- C:\ProgramData\framedyn32.dll
[2011/08/01 20:31:51 | 000,007,135 | -HS- | M] () -- C:\ProgramData\adsnt32.dll
[2011/08/01 19:31:50 | 000,007,135 | -HS- | M] () -- C:\ProgramData\cabview32.dll
[2011/08/01 18:31:45 | 000,007,135 | -HS- | M] () -- C:\ProgramData\ipsmsnap32.dll
[2011/08/01 17:31:39 | 000,007,135 | -HS- | M] () -- C:\ProgramData\prntvpt32.dll
[2011/08/01 15:30:52 | 000,007,135 | -HS- | M] () -- C:\ProgramData\SndVolSSO32.dll
[2011/08/01 14:30:42 | 000,007,135 | -HS- | M] () -- C:\ProgramData\wlandlg32.dll
[2011/07/26 05:42:28 | 000,007,101 | -HS- | M] () -- C:\ProgramData\NlsLexicons004a32.dll
[2011/07/26 04:42:21 | 000,007,101 | -HS- | M] () -- C:\ProgramData\C_G1803032.dll
[2011/07/26 03:42:08 | 000,007,101 | -HS- | M] () -- C:\ProgramData\pla32.dll
[2011/07/26 02:41:59 | 000,007,101 | -HS- | M] () -- C:\ProgramData\drvstore32.dll

:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
--- End quote ---
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

kpuvn:
Thank you

The attachment with the string of numbers is what popped up after rebooting.

edit: Sorry, I forgot to select "scan all users" so I will upload another log in a few minutes

kpuvn:
Sorry again

essexboy:
OK, I can see that it snuck into the other users

On completion of this run, can you let me know what problems remain?

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following

--- Quote ---
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 84 64 93 18 5C BE B8 4E 96 DC 1D D3 6C E3 00 39 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 84 64 93 18 5C BE B8 4E 96 DC 1D D3 6C E3 00 39 [binary data]
[2011/08/07 02:09:23 | 000,000,140 | ---- | M] () -- C:\Windows\SysWow64\1751258003
[2011/08/07 01:08:23 | 000,007,441 | -HS- | M] () -- C:\ProgramData\aclui32.dll
[2011/08/06 11:03:42 | 000,007,407 | -HS- | M] () -- C:\ProgramData\winusb32.dll

:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
--- End quote ---
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
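
Added example, not part of the thread and not OTL's own code: the C:\ProgramData entries in both fix scripts above share visible traits (hidden and system attributes, an empty company field, a few KB in size, a name ending in "32.dll" directly under C:\ProgramData), and this sketch parses OTL-style file lines and flags entries matching all of them. The field meanings are assumed from the layout of the quoted lines; the last sample line and the 16 KB threshold are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: four lines copied from the fix scripts in the thread,
# plus one invented benign-looking line (Example Corp) for contrast.
SAMPLE = r"""
[2011/08/05 08:38:27 | 000,007,305 | -HS- | M] () -- C:\ProgramData\browcli32.dll
[2011/08/05 07:38:25 | 000,007,305 | -HS- | M] () -- C:\ProgramData\input32.dll
[2011/08/07 02:09:23 | 000,000,140 | ---- | M] () -- C:\Windows\SysWow64\1751258003
[2011/08/07 01:08:23 | 000,007,441 | -HS- | M] () -- C:\ProgramData\aclui32.dll
[2011/08/01 10:00:00 | 000,120,832 | ---- | M] (Example Corp) -- C:\ProgramData\Example\helper.dll
"""

# Assumed layout: [timestamp | size in bytes | attribute flags | kind] (company) -- path
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]+) \| (?P<kind>[A-Z])\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)

def parse(text):
    """Yield one dict per line that matches the file-listing layout."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield {
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"],
                "vendor": m["vendor"],
                "path": m["path"],
            }

def suspicious(entry, max_size=16 * 1024):
    """True when an entry has every trait shared by the listed ProgramData DLLs."""
    folder, _, name = entry["path"].rpartition("\\")
    return (
        folder.lower() == r"c:\programdata"          # directly in the folder root
        and name.lower().endswith("32.dll")
        and "H" in entry["attrs"] and "S" in entry["attrs"]  # hidden + system
        and entry["vendor"] == ""                    # no company name recorded
        and entry["size"] <= max_size                # constructed threshold
    )

def flag(text):
    """Return the sorted paths of all entries that match the pattern."""
    return sorted(e["path"] for e in parse(text) if suspicious(e))

if __name__ == "__main__":
    for path in flag(SAMPLE):
        print(path)
```
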
