Help! My gaming DT has been hosed!!

I have restarted and it comes right back. Is it possible for a virus to remain in the partition? I didn’t change anything on the
Windows disk.
I removed the HDD, reformatted it on another PC with /U, disconnected the BIOS battery and removed and re-installed the RAM
and video card.
Obviously, I’ve missed the location of this bug. I haven’t used any other thumb drives, etc. or any other sources of infection.
It’s not been connected to the net. It has to be hiding somewhere, I just don’t know where.
It has already disabled notepad, won’t recognize any I/O devices, SD cards, etc.
I certainly don’t have any idea of what to do next.

Help!

won't recognize any I/O devices, SD cards, etc.
That to me suggests hardware rather than malware

If the HDD was reformatted then nothing will be left software-wise

I just made a bootable CD and installed the programs you gave me earlier, ran Kaspersky rescue disk
and several tools you recommended and now it seems to be running normally.
I’ll attach a few logs FWIW.

Thanks again for your time and efforts, I do appreciate it.

I spoke too soon, it's still there.

Both of those logs are clear. Did Kas find anything?

No. It allowed me to DL Avast but then began redirecting and now it’s blocking almost everything.
There must be some program that will identify this.

Prior to Avast did you install anything or use a USB?

No. I suppose my tinkering with it is counter-productive as far as you’re concerned, but I’ve run
several cleaning utilities and now it’s behaving fairly well, only redirecting occasionally.
I can probably run some diagnostic software, if there is something that might help.

Again thanks.

You can check out the MBR although a re-install would have squashed that

Download the latest version of TDSSKiller from here and save it to your Desktop.

- Double-click on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

- Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

- Click the Start Scan button.

- If a suspicious object is detected, the default action will be Skip; click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

- Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

This PC runs somewhat normally until I connect to the internet. I was able to run everything you requested
except Mbam, which quit before it was finished.
I guess there is a small bit of code that downloads more malware when connected.

It makes me wonder where it is coming from. How many other computers use the router? And do they experience the same problem?

A fresh install wipes all software from the computer so nothing will be left behind. The only other alternative would be that the installation disc is infected, but that is clutching at straws in reality. Did you run TDSSKiller?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
O3 - HKU\S-1-5-21-2202700497-936279443-959575130-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_19306474.lnk = File not found

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
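
Added example, not part of the original post and not OTL's own code: before running a fix like the one above, a reviewer can separate the entries whose target is already missing from the entries that still point at an installed program. The sketch parses the :OTL lines from this thread; the line shape, the field names and the two "missing" markers are assumptions inferred from those lines, not a documented OTL format.

```python
import re

# Lines copied from the :OTL section of the fix posted in this thread.
FIX_TEXT = r"""
O3 - HKU\S-1-5-21-2202700497-936279443-959575130-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_19306474.lnk = File not found
"""

# Assumed line shape, inferred from the lines above: "<code> - <location>: <detail>"
ENTRY_RE = re.compile(r"^(?P<code>O\d+) - (?P<location>[^:]+): (?P<detail>.*)$")
NAME_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*")
# Trailing markers seen above; treated here as "the target no longer exists".
MISSING_MARKERS = ("File not found", "No CLSID value found.")


def parse_entry(line):
    """Return a dict for one fix line, or None if it is not an O-entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    detail = m.group("detail")
    name = None
    named = NAME_RE.match(detail)
    if named:
        name, detail = named.group("name"), detail[named.end():]
    missing = detail.endswith(MISSING_MARKERS)
    return {"code": m.group("code"), "location": m.group("location"),
            "name": name, "detail": detail, "missing": missing}


def review_fix(text):
    """Split fix entries into (orphaned, live) lists for manual review."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    orphaned = [e for e in entries if e["missing"]]
    live = [e for e in entries if not e["missing"]]
    return orphaned, live


if __name__ == "__main__":
    orphaned, live = review_fix(FIX_TEXT)
    for label, group in (("orphaned", orphaned), ("live", live)):
        for e in group:
            print(f"{label:8} {e['code']} {e['location']} {e['name'] or ''} {e['detail']}")
```
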

Here are the files you requested.

MSN home page redirects to an address that’s about 3 lines long. I copied it if you want to see it.

Most of the key strokes in the directory containing the antivirus files take 30-45 seconds.

Did TDSSKiller produce a log?

Here it is, sorry.

Well so far everything is coming back clean

When I start Explorer, MSN is redirected to a big, long address and Explorer doesn’t allow me to connect to
any websites. I have another, clean HDD I can try, but as soon as I connect to the web, I’m sure this bug
will be right back. We have a router with other computers on it, but I shut them off when I’m running this.
The bug starts off slowly, then gets worse and worse when I connect to the web. I’ve tried hooking directly
to the router (Verizon MiFi), but the results are the same.
One problem I have is that we have only 10GB a month and it only takes a few MS updates to surpass that.
Any ideas will be appreciated.

Thanks.

Delete your current copy of OTL please as a new one has been released, and we will check out IE

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

Here are the files:

You have both AVG and Avast; one of them must be installed. Also IE is at version 7 and should be updated to IE9. Do any other computers using the router experience similar problems?

I’ve been trying to get rid of AVG, but this computer won’t allow it. We have two other laptops on this router, one
with Avast and one with Avast. Win Defender is on from time to time.
The computer we’re concerned with had AVG and I changed it to Avast, trying to remove AVG. I have a removal tool,
but the PC won’t always cooperate.

I hate to take up all your time, I know there are others that need your help, but I wonder if changing to a new HDD,
staying off the internet would be a better way to find this thing?

Thanks, N

If you change the HDD would you install a fresh copy of Windows onto it?