TheDarkKnight
Honorary Members
Posts: 1,123

Everything posted by TheDarkKnight

  1. Hey majabber, Well OTL didn't delete those files. So if they are causing the redirects then that is why they are continuing. Please follow these instructions to remove the remaining malicious entries: Please close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open Notepad and copy/paste the text in the quotebox below into it: Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail. Save this as CFScript.txt, in the same location as ComboFix.exe. Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the ComboFix.txt in your next reply. It is unlikely your information is being accessed.
  2. Hey MBWare, Awesome! Please run a free online scan with the ESET Online Scanner. Note: You can use Internet Explorer or Mozilla Firefox for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start. When asked, allow the ActiveX control to install. Click Start. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked. Click Scan. Wait for the scan to finish. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic.
  3. Hey preconmanager, You could make a copy of those files and put them somewhere safe, and then delete the originals. See how that goes.
  4. Hello diddlydudette, You may use ComboFix. It has been restored.
  5. Hey dykesc, The disc you have is probably a recovery, in which case it would wipe all your files. Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     :files
     C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225
     :Commands
     [EmptyTemp]
     Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply. Close OTL.exe. If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     =====
     Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled.
     **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
     **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
     Please include the C:\ComboFix.txt in your next reply for further review.
     =====
     In your reply please provide the contents of both logs and let me know how your computer is currently running.
  6. Hey preconmanager, Well you may delete the iTunes setup file etc. OK next I would like to see a test of your graphics. Please see the below about the DirectX Tool for Windows: http://support.microsoft.com/kb/190900 Give that a run, and let me know if it identifies any issues with your graphics driver.
  7. Hey greyowl. OK. Please reinstall MBAM and try updating. What happens?
  8. Good evening. @BaffleD, it is probably best if you make your own topic. Your issues might be similar but it's a different machine. Feel free to follow this one in addition though. @pgpav2003: The current method for removing BIOS infections (or proposed method) is via flashing, as the article mentions. By flashing you will wipe the old BIOS and it will be replaced. Your best shot is to do this, then reformat and see how things are.
  9. Good evening preconmanager. My apologies for the slight delay. I have been looking at the logs from the very beginning. I am going through them again but in the meantime I would like to try the below please. Please uninstall Firefox. I would like you to completely uninstall it, profiles, settings and all. Then reinstall your computer. In Firefox, see if the graphics issues persist. PS: Oh I should say, if you have any settings or profiles you wish to keep, please save them in a folder on your Desktop. You can restore them later; I would just like to see how a clean Firefox runs. PPS: What is this file: C:\Program Files\0126201219462482.bat?
  10. Hello dykesc. I see you have Conduit installed. It is often present when there are other infections on computers, and it is for this reason I recommend removing it (please see here for more information). Your logs show that the SpeedBit Video Downloader is installed. It has been known to exhibit suspicious behaviour (please see here for further information). I recommend removing it. Please go to Start > Control Panel > Add or Remove Programs and remove the following programs (if present):
      Conduit
      Conduit Toolbar
      SpeedBit Video Downloader
      Please restart your computer after this program removal.
      =====
      Next, please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :OTL
      FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
      O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
      FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O15 - HKCU\..Trusted Domains: att.net ([www] http in Trusted sites)
      O15 - HKCU\..Trusted Domains: dxspots.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: netlogger.org ([www] http in Trusted sites)
      O15 - HKCU\..Trusted Domains: omiss.net ([]http in Trusted sites)
      [2012/09/21 12:01:15 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@
      [2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L
      [2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U
      :Commands
      [EmptyTemp]
      Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply. Close OTL.exe. If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
      =====
      In addition, for x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive. For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive. Plug the flash drive into the infected PC and enter System Recovery Options.
      To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      To enter System Recovery Options by using the Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Click Repair your computer.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      On the System Recovery Options menu you will get the following options: Startup Repair, System Restore, Windows Complete PC Restore, Windows Memory Diagnostic Tool, Command Prompt.
      • Select Command Prompt.
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select Computer, find your flash drive letter and close the notepad.
      • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to the disclaimer.
      • Press the Scan button.
      • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.
      =====
      In your reply please provide the contents of the OTL fix log and FRST.txt. What issues remain on your computer?
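The OTL entries quoted in the post above (a toolbar DLL with no publisher, an Internet Explorer policy key, Trusted-sites domains, and hidden+system objects under a LocalSystem `$RECYCLE.BIN` subfolder) are the kind of lines a helper reads by eye. The following is an added example, not code from the original post or from the OTL tool: a small Python triager that parses those line formats, flags the same indicators a reviewer would, and emits them back in the `:OTL` / `:Commands` fix-script layout shown in the post. The sample log is constructed from the lines on the page plus one hypothetical benign entry; the regular expressions are my reading of the formats visible in the post, not an official OTL grammar.

```python
import re
from dataclasses import dataclass

# Constructed sample: the OTL lines quoted in the post, plus one hypothetical
# benign file entry (Example Corp) that the triager must leave alone.
SAMPLE_LOG = r"""
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: att.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: omiss.net ([]http in Trusted sites)
[2012/09/21 12:01:15 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U
[2012/09/20 09:00:00 | 000,010,240 | ---- | M] (Example Corp) -- C:\Program Files\Example\notes.txt
"""

# File/folder entry: [date time | size | attrs | flag] (company)? -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O15 - <key>: <domain> (<zone detail>)
O15_RE = re.compile(r"^O15 - (?P<key>.+?): (?P<domain>\S+) \((?P<detail>.*)\)$")
# O3 - <key>: (<name>) - {CLSID} - <path> (<company>)
O3_RE = re.compile(
    r"^O3 - (?P<key>.+?): \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# A 32-hex-char "$..." folder under the LocalSystem SID's recycle bin, as in the post.
RECYCLE_SID_RE = re.compile(r"\\\$RECYCLE\.BIN\\S-1-5-18\\\$[0-9a-f]{32}\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # file | trusted-domain | toolbar | policy
    detail: str  # path or domain
    reason: str  # why a reviewer would look at it
    raw: str     # the original log line, reused when building a fix script


def analyse(log_text: str) -> list:
    """Walk OTL-style lines and return the entries a reviewer would flag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            # Hidden + System objects inside a $RECYCLE.BIN\S-1-5-18\$<hex> folder
            # are not something a user or Windows places there.
            if "H" in attrs and "S" in attrs and RECYCLE_SID_RE.search(path):
                findings.append(Finding("file", path, "hidden+system object under LocalSystem $RECYCLE.BIN subfolder", line))
            continue
        m = O15_RE.match(line)
        if m:
            findings.append(Finding("trusted-domain", m["domain"], "domain placed in the IE Trusted sites zone", line))
            continue
        m = O3_RE.match(line)
        if m:
            if not m["company"].strip():  # "()" means OTL found no publisher info
                findings.append(Finding("toolbar", m["path"], "browser toolbar DLL with no publisher", line))
            continue
        if line.startswith("O7 - "):
            findings.append(Finding("policy", line[5:], "IE restriction policy key present", line))
    return findings


def summarise(findings: list) -> dict:
    """Count findings per kind, handy for a quick glance before reading details."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def build_otl_fix(findings: list) -> str:
    """Lay the flagged lines out in the :OTL / :Commands shape used in the post."""
    body = "\n".join(f.raw for f in findings)
    return ":OTL\n" + body + "\n:Commands\n[EmptyTemp]"


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.detail}: {f.reason}")
    print(summarise(found))
```

The output script is meant to be read by a person before use, exactly as the helper does in the post; the value of the triager is in making the "why" explicit for each line (empty publisher, hidden+system attributes in a SID-keyed recycle-bin folder) rather than in automating removal.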
  11. Hello greyowl. Let's try something else with ComboFix. Please follow these instructions: Please close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open Notepad and copy/paste the text in the quotebox below into it: Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail. Save this as CFScript.txt, in the same location as ComboFix.exe. Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the ComboFix.txt in your next reply.
  12. Hello camarograna2. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled. **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.** **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.** Please include the C:\ComboFix.txt in your next reply for further review.
  13. Hello Smile2go. Well the JRT removed that concern I asked you about anyway so all good. Please download to the Desktop RogueKiller (by tigzy). Please quit all programs. Start RogueKiller.exe. Wait until Prescan has finished. Click on Scan. Click on Report and copy/paste the contents of the report in your next reply. Is the redirect still present? Does it happen in all browsers?
  14. Good morning kasper, You posted a fresh log from OTL, but what I need to see is the fix log it produced please. What is the issue with AdwCleaner? Please download Junkware Removal Tool to your Desktop. Please close your security software to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator. The tool will open and start scanning your system. Please be patient as this can take a while to complete, depending on your system's specifications. On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. Please post the contents of JRT.txt into your reply.
  15. Hey pgpav2003, Let me know how you get on with the suggestions from the article.
  16. Hey greyowl, ComboFix has just been updated so please delete your current copy. Run Rkill. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled. **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.** **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.** Please include the C:\ComboFix.txt in your next reply for further review.
  17. Hello fishtaco254, When you reformat you will get the option to not wipe your files. In addition, you could use a hard drive or a CD. Please let me know how it goes.
  18. Hey preconmanager, The results from MiniToolbox didn't concern me. You mentioned you had recently configured some internet settings so that could explain the configurations the toolbox showed. I am not familiar with MMC, and because the RSoP is new, I thought that article might have a solution. It didn't help?
  19. Hey pgpav2003, When you install Windows it will often stop, restart and then continue. The newer systems (7 and 8) do this. I installed recently and that is exactly what happened. This article: http://www.forbes.com/sites/andygreenberg/2012/07/26/meet-rakshasa-the-malware-infection-designed-to-be-undetectable-and-incurable/ It mentions how to possibly fight a BIOS infection. You could give the suggestions in the article a shot. BIOS infections are pretty much considered a theory and not reality. The helpers here (like myself) have never seen such an infection. But give the article a go and let me know how it goes.
  20. Good evening pgpav2003, Are you reinstalling or reformatting? If you are only reinstalling, then you are actually not wiping the disc; only wiping out the old operating system but leaving the files behind. As for the 4 installation discs, I would imagine that the 4th disc has extras on it. The fact that you can log in etc means that Windows has installed correctly. But let me know if you are actually reformatting or only reinstalling.
  21. Hello preconmanager, I am not sure these issues are linked with your others but please see the below link: http://www.itlisting...33528e08d6.aspx Follow the suggestions there and see if that resolves your MMC issues.
  22. Hello majabber, I believe the file is malicious. We can always restore it if it turns out it isn't the cause of your issues. Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :files
      C:\Windows\SysWOW64\msportso.dll
      C:\Windows\Tasks\ekxaaoya.job
      :Commands
      [EmptyTemp]
      Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply. Close OTL.exe. If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. Do the redirects persist?