Topic: Can't get rid of redirect


Kattaylor

  • Guest
Can't get rid of redirect
« on: September 09, 2011, 11:58:54 PM »
In the past couple of days I apparently got a redirect virus. I noticed it because any time I opened a site from Google, Avast would pop up saying it blocked a malicious site. It did that for a while, then Avast stopped blocking the redirect and just let it happen. I've run scans from Avast, SuperAntiSpyware, Ad-Aware, and Malwarebytes. Anything that those found I removed and rebooted. Nothing has changed. It still redirects and my computer is significantly slower. I hope I can get rid of this soon! I'm wary of doing anything such as banking and shopping online until this is gone. I've attached a recent (within 15 minutes) log of my Malwarebytes scan.

Offline Pondus

  • Probably Bot
  • Posts: 37700
Re: Can't get rid of redirect
« Reply #1 on: September 10, 2011, 12:18:12 AM »
Follow the guide here: http://forum.avast.com/index.php?topic=53253.0

Then attach the logs here.


Kattaylor

  • Guest
Re: Can't get rid of redirect
« Reply #2 on: September 10, 2011, 06:41:00 AM »
Here are all the logs.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't get rid of redirect
« Reply #3 on: September 10, 2011, 12:35:36 PM »
Hi there. On completion of this run, could you re-run OTL, but this time ensure "All Users" is selected, as there will be some cleanup required there.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    [2011/09/09 11:29:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\643qej8w.Kat\extensions\{1dd04ecf-330a-4bcd-91df-83252c90ddeb}
    [2011/09/09 17:40:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\643qej8w.Kat\extensions\{a98d462e-0f2b-4cac-881c-2db442826dde}
    [2011/09/09 11:29:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\9spue266.default\extensions\{1dd04ecf-330a-4bcd-91df-83252c90ddeb}
    [2011/09/09 17:40:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\9spue266.default\extensions\{a98d462e-0f2b-4cac-881c-2db442826dde}
    [2011/06/09 22:09:56 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1060650406.xml
    O2 - BHO: (no name) - {00841C5F-3847-402A-9252-9C1B6B5E8696} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    [2011/09/07 18:09:49 | 000,282,112 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
    [2011/09/07 18:09:33 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\KeyboardOnlineTray.dll
    [2011/09/08 18:40:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\83267e8e
    [2011/09/08 18:28:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\745e0974
    [2011/09/08 18:27:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\63fb8171
    [2011/09/08 14:39:13 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\0b5e718e
    [2011/09/07 18:09:49 | 000,282,112 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
    [2011/09/07 18:09:29 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\KeyboardOnlineTray.dll
    [2009/01/05 04:06:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Karen\Application Data\.#

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
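The fix above removes three kinds of entries from the OTL scan: dangling BHO/URLSearchHook registrations ("No CLSID value found", "Reg Error"), an unnamed BHO loading a DLL out of System32, and tiny hex-named files dropped under Application Data. The following Python helper is an added example, not the thread's or OTL's own code, showing how to triage OTL lines of that shape automatically; the parser, the finding categories and the {11111111-...} sample entry are hypothetical.

```python
import re
from collections import namedtuple

# Hypothetical triage helper for OTL scan lines like those quoted above (not OTL's own code).
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
REG_RE = re.compile(r"^(?:O2 - BHO: \((.*?)\) -|IE - \S*URLSearchHook:) (" + GUID + r") - (.*)$")
FILE_RE = re.compile(r"^\[(\d{4}/\d{2}/\d{2}) [\d:]+ \| ([\d,]+) \| \S+ \| \w\](?: \((.*?)\))? -- (.*)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")
Finding = namedtuple("Finding", "kind reason line")  # kind: orphan | suspicious | review

def triage_line(line, since):
    """Classify one OTL line; `since` is the symptom onset date as YYYY/MM/DD."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:                                   # O2 BHO or URLSearchHook registration
        name, target = m.group(1), m.group(3)
        if "No CLSID value found" in target or "Reg Error" in target:
            return Finding("orphan", "registration points at a missing class or file", line)
        if name == "no name" and target.lower().startswith(SYSTEM_DIRS):
            return Finding("suspicious", "unnamed BHO loading a DLL from a system directory", line)
        return Finding("review", "live browser add-on; confirm vendor and path", line)
    m = FILE_RE.match(line)
    if m:                                   # file/directory entry from the file sections
        stamp, size, path = m.group(1), int(m.group(2).replace(",", "")), m.group(4)
        base = path.rsplit("\\", 1)[-1]
        if "application data" in path.lower() and HEX_NAME.match(base) and size <= 16:
            return Finding("suspicious", "tiny hex-named marker file in a profile directory", line)
        if path.lower().startswith(SYSTEM_DIRS) and stamp >= since:
            return Finding("review", "system-directory file changed after symptom onset", line)
    return None

def triage(log, since):
    return [f for f in (triage_line(l, since) for l in log.splitlines()) if f]

# Constructed sample modelled on the thread's log lines; the {11111111-...} entry is made up.
SAMPLE = r"""
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {00841C5F-3847-402A-9252-9C1B6B5E8696} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Example Toolbar) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\tb.dll (Example Corp)
[2011/09/08 18:40:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\83267e8e
[2011/09/07 18:09:49 | 000,282,112 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE, "2011/09/07"):
        print(f"{f.kind:10} {f.reason}: {f.line[:70]}")
```

The "orphan" entries are the ones OTL can delete safely; "suspicious" and "review" entries still need a human to check the vendor string and path before anything is removed.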

Kattaylor

  • Guest
Re: Can't get rid of redirect
« Reply #4 on: September 10, 2011, 06:18:24 PM »
Thanks for replying. I did the fix and re-ran it with all users. The log is attached.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't get rid of redirect
« Reply #5 on: September 10, 2011, 07:28:05 PM »
On completion of this run, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Kattaylor

  • Guest
Re: Can't get rid of redirect
« Reply #6 on: September 10, 2011, 08:17:51 PM »
Wow, thank you so much. Google isn't trying to redirect anymore and the speed seems to be back to normal. Do I need to post the latest log?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't get rid of redirect
« Reply #7 on: September 10, 2011, 09:30:20 PM »
No need. If all is still well tomorrow, let me know and I will remove my tools. ;D