Author Topic: Browsers compromised  (Read 16713 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Browsers compromised
« Reply #15 on: April 17, 2015, 10:41:28 PM »
What problems remain?

REDACTED

  • Guest
Re: Browsers compromised
« Reply #16 on: April 17, 2015, 10:45:45 PM »
I ran the adware cleaner too. Here goes the log! I removed Chrome too.

I will send the first set of logs from the third computer in a minute.

REDACTED

  • Guest
Re: Browsers compromised
« Reply #17 on: April 17, 2015, 10:48:30 PM »
Computer # 3 log.

Here they go!

Offline essexboy

Re: Browsers compromised
« Reply #18 on: April 17, 2015, 10:57:00 PM »
This one also has McAfee still running.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
2015-04-17 08:14 - 2015-04-17 08:14 - 00000000 __HDC () C:\Users\Todos os Usuários\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-04-17 08:14 - 2015-04-17 08:14 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.
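
A read-only way to see what the fixlist above is about to reset, as an added example that is not part of the original post or of FRST itself: it lists the proxy settings that `RemoveProxy:` clears, the contents of the IPSec policy key that the two `Reg:` lines delete and recreate, and the BITS jobs that `bitsadmin /reset /allusers` cancels. It assumes Windows PowerShell run from an elevated prompt; the Internet Settings registry path and the report layout are assumptions of this example, and only the IPSec key path comes from the thread.

```powershell
# Added example: inspect, without changing anything, the settings the fixlist resets.
# Run elevated so that other users' BITS jobs are visible.
$report = [ordered]@{}

# 1. WinINET proxy settings, per-user and machine-wide (target of RemoveProxy:).
#    A ProxyServer or AutoConfigURL the owner did not set redirects every
#    browser that follows the system proxy settings.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($hive in 'HKCU:', 'HKLM:') {
    $p = Get-ItemProperty -Path "$hive\$inet" -ErrorAction SilentlyContinue
    $report["Proxy $hive"] = [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

# 2. WinHTTP proxy, used by services rather than by the logged-on user.
$report['WinHTTP proxy'] = (netsh winhttp show proxy) -join "`n"

# 3. Local IPSec policy key (path taken from the fixlist). On a home machine
#    with no IPSec policy configured this key normally has no subkeys.
$ipsec = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
$report['IPSec policy subkeys'] = @(
    Get-ChildItem -Path $ipsec -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty PSChildName
)

# 4. BITS jobs for all users (target of "bitsadmin /reset /allusers").
#    The remote URL of each job shows what was being downloaded in the background.
Import-Module BitsTransfer
$report['BITS jobs'] = @(
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
        Select-Object DisplayName, JobState, OwnerAccount,
            @{ Name = 'RemoteName'; Expression = { $_.FileList.RemoteName -join ', ' } }
)

# Print each section; an empty section means nothing was found there.
foreach ($entry in $report.GetEnumerator()) {
    "== $($entry.Key) =="
    if ($entry.Value) { $entry.Value | Out-String } else { "(none)`n" }
}
```

Saving this output before pressing Fix gives a record of the redirecting settings in case the symptoms return after the cleanup.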

REDACTED

  • Guest
Re: Browsers compromised
« Reply #19 on: April 17, 2015, 11:33:31 PM »
Everything seems fine now. The fourth computer, the Dell, the one that has Windows 7, does not seem compromised after all.  :)

Here go the final logs!

REDACTED

  • Guest
Re: Browsers compromised
« Reply #20 on: April 18, 2015, 02:38:55 AM »
Bad Luck!  >:(

Russian sites are back.

Internet Explorer is compromised again on the third computer.

I will run the tests again.

REDACTED

  • Guest
Re: Browsers compromised
« Reply #21 on: April 18, 2015, 04:22:38 AM »
Here they go.

Good night for all.

Offline essexboy

Re: Browsers compromised
« Reply #22 on: April 18, 2015, 02:25:48 PM »
This is just in IE?

REDACTED

  • Guest
Re: Browsers compromised
« Reply #23 on: April 18, 2015, 02:34:36 PM »
Good morning.

I uninstalled Chrome from computer #3, after yesterday's cleaning. All symptoms disappeared for some time. But then both IE and Firefox were compromised again.

I'm using computer #1 and so far its browsers seem OK.

REDACTED

  • Guest
Re: Browsers compromised
« Reply #24 on: April 18, 2015, 02:48:08 PM »
Ooops. Firefox has been compromised on computer #1 too. I used it for quite some time after yesterday's removal process with no problems at all. But it is now infected too.  :'(

Offline essexboy

Re: Browsers compromised
« Reply #25 on: April 18, 2015, 02:52:25 PM »
The problem may be in the router, I feel.

Could you reset the router? There should be a small hole at the back labelled reset. Use a biro to press and hold until the lights start flashing.

REDACTED

  • Guest
Re: Browsers compromised
« Reply #26 on: April 18, 2015, 03:00:33 PM »
I reset the router and ran IPCONFIG /flushdns on computer #1. The problem with Firefox on computer #1 persists.

Offline essexboy

Re: Browsers compromised
« Reply #27 on: April 18, 2015, 03:07:22 PM »
OK, that one may be the root cause. Could you run FRST on that one again, please?

REDACTED

  • Guest
Re: Browsers compromised
« Reply #28 on: April 18, 2015, 03:19:06 PM »
I got an ERUNT access violation error when I first tried Farbar Recovery Scan. But then it worked OK. It happened yesterday too but I forgot to report.

I checked my router's configuration and it uses a couple of DNS servers that belong to my Internet Provider (I checked through whois). My router's DNS server is set through my Internet Provider's DHCP server.

Here go Log files from computer #1.

REDACTED

  • Guest
Re: Browsers compromised
« Reply #29 on: April 18, 2015, 03:39:15 PM »
One more thing. Now that computer #1 is compromised, when I try to load some pages I get error messages telling me I don't have an Internet connection at the moment. That may be a network problem or maybe something creepy.  :-X

My Internet connection is usually very good.