system
1
In the past couple of days I apparently got a redirect virus. I noticed it because anytime I opened a site from Google, Avast would pop up saying it blocked a malicious site. It did that for a while, then Avast stopped blocking the redirect and just let it happen. I’ve run scans from Avast, SuperAntiSpyware, Ad-Aware, and Malwarebytes. Anything that those found I removed and re-booted. Nothing has changed. It still redirects and my computer is significantly slower. I hope I can get rid of this soon! I’m wary of doing anything such as banking and shopping online until this is gone. I’ve attached a recent (within 15 minutes) log of my Malwarebytes scan.
Pondus
2
Follow the guide here: http://forum.avast.com/index.php?topic=53253.0
Then attach the logs here…
Hi there, on completion of this run could you re-run OTL, but this time ensure All Users is selected, as there will be some cleanup required there.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
[2011/09/09 11:29:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\643qej8w.Kat\extensions\{1dd04ecf-330a-4bcd-91df-83252c90ddeb}
[2011/09/09 17:40:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\643qej8w.Kat\extensions\{a98d462e-0f2b-4cac-881c-2db442826dde}
[2011/09/09 11:29:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\9spue266.default\extensions\{1dd04ecf-330a-4bcd-91df-83252c90ddeb}
[2011/09/09 17:40:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\9spue266.default\extensions\{a98d462e-0f2b-4cac-881c-2db442826dde}
[2011/06/09 22:09:56 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1060650406.xml
O2 - BHO: (no name) - {00841C5F-3847-402A-9252-9C1B6B5E8696} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
[2011/09/07 18:09:49 | 000,282,112 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/07 18:09:33 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\KeyboardOnlineTray.dll
[2011/09/08 18:40:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\83267e8e
[2011/09/08 18:28:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\745e0974
[2011/09/08 18:27:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\63fb8171
[2011/09/08 14:39:13 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\0b5e718e
[2011/09/07 18:09:49 | 000,282,112 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/07 18:09:29 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\KeyboardOnlineTray.dll
[2009/01/05 04:06:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Karen\Application Data\.#
:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
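As an added example (not part of this thread and not OTL's own code), a small Python parser for the `[date | size | attrs | C-or-M] (company) -- path` entries OTL lists, plus a few triage heuristics that pick out the kinds of entries the fix above removes: a recently created non-Microsoft DLL in System32, tiny hex-named files in Application Data, and a hidden+system item inside a user profile. The rules, the 7-day window and the report date are this example's assumptions; the sample lines are copied from the fix script.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# OTL file entry: "[date | size | attrs | C-or-M] (company) -- path"; "(company)" may be absent.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

@dataclass
class Entry:
    ts: datetime   # created (kind "C") or last-modified (kind "M") time
    size: int      # bytes, OTL's thousands separators removed
    attrs: str     # four attribute flags, e.g. "----", "---D", "-HSD"
    kind: str      # which timestamp listing the line came from
    company: str   # version-info company string, "" when OTL shows "()"
    path: str

def parse_entry(line: str) -> "Entry | None":
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 m["company"] or "", m["path"])

def triage(e: Entry, report_date: datetime, recent_days: int = 7) -> list[str]:
    """Heuristic reasons to look closer at an entry (this example's own rules, not OTL's)."""
    folder, _, name = e.path.lower().rpartition("\\")
    reasons = []
    if (folder.endswith("\\windows\\system32") and e.kind == "C"
            and report_date - e.ts <= timedelta(days=recent_days)
            and "microsoft" not in e.company.lower()):
        reasons.append("recently created non-Microsoft binary in System32")
    if "application data" in folder and re.fullmatch(r"[0-9a-f]{8}", name) and e.size < 16:
        reasons.append("tiny hex-named file in Application Data (marker-file pattern)")
    if "H" in e.attrs and "S" in e.attrs and folder.startswith("c:\\documents and settings"):
        reasons.append("hidden+system item inside a user profile")
    return reasons

# Sample lines copied from the fix script above; the report date is an assumption.
SAMPLE = [
    r"[2011/09/07 18:09:49 | 000,282,112 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll",
    r"[2011/09/08 18:40:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\83267e8e",
    r"[2009/01/05 04:06:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Karen\Application Data\.#",
    r"[2011/06/09 22:09:56 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1060650406.xml",
]
REPORT_DATE = datetime(2011, 9, 10)
```

Running `triage(parse_entry(line), REPORT_DATE)` over `SAMPLE` flags the first three lines and leaves the Firefox search plugin unflagged, which is the point of such heuristics: they narrow the log down to entries a human still has to judge.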
system
5
Thanks for replying. I did the fix and re-ran it with all users. The log is attached.
On completion of this run, can you let me know what problems remain?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 1C 84 00 47 38 2A 40 92 52 9C 1B 6B 5E 86 96 [binary data]
:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
system
7
Wow, thank you so much. Google isn’t trying to redirect anymore and the speed seems to be back to normal. Do I need to post the latest log?
No need. If all is still well tomorrow, let me know and I will remove my tools ;D