redirect; close down problem

Welcome to Major Geeks!

The reason for your redirection is that you have/had a DNS hijacker.

The blue screens could be something else as they are not typical of a DNS hijacker.

Did you shut down all protection software before trying to run ComboFix and MGtools?

Try running them in safe boot mode if necessary. We need these logs to fix your problems.

 

You have Norton Internet Security and Avira both running. You need to run the below to remove all of Norton.

Please run the below then reboot. After reboot run it one more time.

Norton Removal Tool (SymNRT)

Some additional logs from SUPERAntiSpyware that I would like to see are the below:

Code:

"C:\Documents and Settings\Steffi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
Oct 12 2010  1200  "SUPERAntiSpyware Scan Log - 10-12-2010 - 17-16-20.log"
Oct 21 2010  1496  "SUPERAntiSpyware Scan Log - 10-21-2010 - 13-09-14.log"
Oct 18 2010  2285  "SUPERAntiSpyware Scan Log - 10-18-2010 - 13-19-35.log"
Oct 17 2010  1200  "SUPERAntiSpyware Scan Log - 10-17-2010 - 13-08-13.log"
Oct  4 2010   1621  "SUPERAntiSpyware Scan Log - 10-04-2010 - 16-24-04.log"

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Uyuwora] rundll32.exe "C:\WINDOWS\ozepuficu.dll",Startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [somcwanerx.tmp] "C:\DOCUME~1\Steffi\LOCALS~1\Temp\somcwanerx.tmp"
O18 - Filter hijack: text/html - {bac6e857-3a64-4ff6-925e-d0fec5159efa} - (no file)

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
C:\Documents and Settings\Steffi\Local Settings\Temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Why did you uninstall both Avira and Norton? I only asked you to uninstall Norton. please only do what we ask you to do. In fact notice right now I just asked a question, I did not say reinstall Avira! At least not yet.

The fix for this and other possible errors was given in the Using MGtools link given in the READ & RUN ME.

Your logs showed that you had/have a DNS hijacker infection which is known to infect router hardware. If you have a router hooked up then you need to follow the instructions for your hardware and reset it to factory default settings. Normally there is a recessed push button type switch that needs to be held down for some number of seconds to do this. After resetting to factory defaults on your router, you will need to reconfigure the router for your network if you have made any changes to the default network setup. After this you should reboot and see if you still have problems. If you are still being redirected, please do the below.

First answer the question, does your redirection issue occur with both Internet Explorer and Firefox?



Download TDSSKiller from Kaspersky to your directly onto your Desktop

• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrartor. )
• Allow the application to run if prompted by Windows or any security programs you have installed
• It will start the scan and run rather quickly and will notify you of whether anything is found or not.
• Follow the instructions to delete/quarantine if asks you what to do when if finds something.
• Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )