BleepingComputer.com: Clicking on a link redirects me.

Clicking on a link redirects me.

#31 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 29 December 2011 - 05:43 PM

Very well.
Do the same with two other keys and proceed with the rest of the instructions.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image




#32 User is offline   Will843 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 27-December 11

Posted 29 December 2011 - 05:50 PM

Ok, I've done as instructed. Double clicking on the start_services.bat brings up a black screen that appears and disappears in less than half a second. I have no idea what it did, or said, nor can I find any changes.

Checking on the firewall results in the same notice as before. What/how do I run the FSS log?

#33 User is offline   Will843 

Posted 29 December 2011 - 05:52 PM

So I ran the fss.exe.

I'm assuming this was what you meant.

Here is the log...

Farbar Service Scanner
Ran by BoatBright (administrator) on 29-12-2011 at 17:51:49
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
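
Added example, not part of the original thread or of Farbar Service Scanner: a small Python triage of a log in the format posted above. It separates services that are stopped with intact configuration (the case in this log) from services whose configuration check is not OK and from files whose verdict is anything other than "MD5 is legit". The regular expressions are inferred from the lines shown here, and the sample is a constructed excerpt.

```python
import re

# Constructed sample: an excerpt in the format of the log posted above.
SAMPLE_LOG = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
"""

# Line patterns are assumptions inferred from the log lines visible in the post.
STOPPED = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (.+?) of (\S+) service is (.+?)\.?$")
FILE = re.compile(r"^(.+?) => (.+)$")

def parse_fss(text):
    """Return (services, files): per-service config checks and per-file verdicts."""
    services, files = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := STOPPED.match(line):
            services.setdefault(m.group(1), {})
        elif m := CONFIG.match(line):
            services.setdefault(m.group(2), {})[m.group(1)] = m.group(3)
        elif m := FILE.match(line):
            files[m.group(1)] = m.group(2)
    return services, files

def triage(text):
    """Return (stopped with intact config, services with bad config, files to review)."""
    services, files = parse_fss(text)
    intact = sorted(s for s, c in services.items() if all(v == "OK" for v in c.values()))
    bad_config = {s: {k: v for k, v in c.items() if v != "OK"}
                  for s, c in services.items() if any(v != "OK" for v in c.values())}
    suspect = {p: v for p, v in files.items() if v != "MD5 is legit"}
    return intact, bad_config, suspect

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A service in the first list is stopped even though its start type, ImagePath and ServiceDll checked out, so the cause has to be looked for outside the service configuration and the listed files.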

#34 User is offline   Broni 

Posted 29 December 2011 - 05:54 PM

Did you perform this part:

Click Start and in "Start search" type in:
regedit
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Allow" in "Full control" row.
Click OK.

#35 User is offline   Will843 

Posted 29 December 2011 - 06:01 PM

If this is correct... yes... it was done prior to what I posted.

Posted Image

#36 User is offline   Broni 

Posted 29 December 2011 - 06:13 PM

In that case I want you to get a more advanced checkup.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#37 User is offline   Will843 

Posted 29 December 2011 - 06:42 PM

I have completed the steps as asked. New thread can be found here...

http://www.bleepingcomputer.com/forums/topic435240.html/page__gopid__2529340

#38 User is offline   Broni 

Posted 29 December 2011 - 06:46 PM

Cool :)

#39 User is offline   Will843 

Posted 01 January 2012 - 09:46 PM

Broni,

Hey... I think I determined what went wrong.

The redirect got worse today... MUCH WORSE. I couldn't even pull up google, or my mail, or anything without it redirecting. I couldn't find Avast on my computer either. When I tried to go to the Avast website, it "wasn't working".

I rebooted in Safe Mode w/ Networking. Re-downloaded Avast. Ran a boot/scan. I was given the option (as I was the first time, where I skipped without making any changes) to move infected items to the "chest".

I chose this item this time. Upon completion, I logged on... no redirect... nothing at all. Windows firewall... is on, and working.

I don't believe I need to have that new thread. What do you think I should do from this point?

If it is clean/secure... I would like to take care of that stupid warning notice upon log on, and would like to know what/how I can delete all of this stuff we have put on my desktop without screwing this all up. Thanks for everything!

William

#40 User is offline   Broni 

Posted 01 January 2012 - 10:37 PM

Well, good news :)

Update me in a couple of days....

#41 User is offline   Broni 

Posted 01 January 2012 - 10:38 PM

You can delete all of our stuff because none of those tools install.