In the past couple of days I apparently got a redirect virus. I noticed it because anytime I opened a site from Google, Avast would pop up saying it blocked a malicious site. It did that for a while, then Avast stopped blocking the redirect and just let it happen. I’ve run scans from Avast, SuperAntiSpyware, Ad-aware, and Malwarebytes. Anything that those found I removed and re-booted. Nothing has changed. It still redirects and my computer is significantly slower. I hope I can get rid of this soon! I’m wary of doing anything such as banking and shopping online until this is gone. I’ve attached a recent (within 15 minutes) log of my Malwarebytes scan.

Follow the guide here: http://forum.avast.com/index.php?topic=53253.0

then attach the logs here…

Here are all the logs.

Hi there. On completion of this run, could you re-run OTL, but this time ensure all users is selected, as there will be some cleanup required there.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
[2011/09/09 11:29:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\643qej8w.Kat\extensions\{1dd04ecf-330a-4bcd-91df-83252c90ddeb}
[2011/09/09 17:40:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\643qej8w.Kat\extensions\{a98d462e-0f2b-4cac-881c-2db442826dde}
[2011/09/09 11:29:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\9spue266.default\extensions\{1dd04ecf-330a-4bcd-91df-83252c90ddeb}
[2011/09/09 17:40:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\9spue266.default\extensions\{a98d462e-0f2b-4cac-881c-2db442826dde}
[2011/06/09 22:09:56 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1060650406.xml
O2 - BHO: (no name) - {00841C5F-3847-402A-9252-9C1B6B5E8696} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
[2011/09/07 18:09:49 | 000,282,112 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/07 18:09:33 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\KeyboardOnlineTray.dll
[2011/09/08 18:40:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\83267e8e
[2011/09/08 18:28:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\745e0974
[2011/09/08 18:27:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\63fb8171
[2011/09/08 14:39:13 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\0b5e718e
[2011/09/07 18:09:49 | 000,282,112 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/07 18:09:29 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\KeyboardOnlineTray.dll
[2009/01/05 04:06:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Karen\Application Data\.#

:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
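
Added example, not part of the original posts and not OTL's own code: the 16 bytes stored in XMLHTTP_UUID_Default, read as a GUID in Windows byte order, equal the CLSID of the wscui32.dll BHO listed in the same fix script. The Python below parses lines copied from that script and makes the link; the function names are chosen here for illustration.

```python
import re
import uuid

# Lines copied from the OTL fix script in the post above.
OTL_LINES = [
    r"IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]",
    r"O2 - BHO: (no name) - {00841C5F-3847-402A-9252-9C1B6B5E8696} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.",
]

# "IE - <key>,<value name> = <hex bytes> [binary data]"
BINARY_RE = re.compile(
    r"^IE - (?P<key>[^,]+),(?P<name>\S+) = (?P<hex>(?:[0-9A-Fa-f]{2} ?)+)\[binary data\]"
)
# "O2 - BHO: (<name>) - {<CLSID>} - <target>"
BHO_RE = re.compile(
    r"^O2 - BHO: \(.*?\) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$"
)


def decode_guid(hex_bytes):
    """Read 16 space-separated hex bytes as a GUID in Windows layout.

    The first three GUID fields are stored little-endian, so the raw
    bytes do not look like the printed CLSID until they are reordered.
    Returns None when the value is not exactly 16 bytes long.
    """
    raw = bytes.fromhex(hex_bytes)
    if len(raw) != 16:
        return None
    return str(uuid.UUID(bytes_le=raw)).upper()


def correlate(lines):
    """Return (key, value name, GUID, BHO target) for every binary
    registry value whose decoded GUID matches a BHO CLSID in the log."""
    bhos, values = {}, []
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            bhos[m["clsid"].upper()] = m["target"]
            continue
        m = BINARY_RE.match(line)
        if m:
            guid = decode_guid(m["hex"])
            if guid:
                values.append((m["key"], m["name"], guid))
    return [(k, n, g, bhos[g]) for k, n, g in values if g in bhos]


if __name__ == "__main__":
    for hit in correlate(OTL_LINES):
        print(" | ".join(hit))
```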

Thanks for replying. I did the fix and re-ran it with all users. The log is attached.

On completion of this run, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Wow, thank you so much. Google isn’t trying to redirect anymore and the speed seems to be back to normal. Do I need to post the latest log?

No need. If all is still well tomorrow, let me know and I will remove my tools ;D