"Windows Security Center service can't be started"

[LuigiAU]

My computer is a Toshiba Laptop (if that is of any concern) and about 3 years old. Aside from the aforementioned problems the computer runs fine, if not faster than before. I'm not sure if these are leftover issues from a removed virus that have not been resolved or something else...

Most recent scans detect no infections.

Thankyou for your time!

 

[kuttus]

Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3015261
[2013/04/10 18:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luigi\AppData\Roaming\Mozilla\Firefox\Profiles\ykry9tvv.default\extensions\anttoolbar@ant.com
[2013/05/08 19:58:40 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Luigi\AppData\Roaming\Mozilla\Firefox\Profiles\12vq7hij.default-1365583746560\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
O3 - HKLM\..\Toolbar: (no name) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
[2013/04/17 00:58:53 | 000,000,000 | ---D | C] -- C:\Users\Luigi\AppData\Roaming\Kariiw
[2013/04/17 00:58:53 | 000,000,000 | ---D | C] -- C:\Users\Luigi\AppData\Roaming\Asiv
[2013/04/14 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Luigi\AppData\Roaming\Hizy
[2013/05/08 21:03:22 | 000,016,384 | ---- | M] () -- C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/08 18:19:32 | 000,722,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/08 18:19:32 | 000,146,218 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/08 20:49:36 | 000,016,384 | ---- | C] () -- C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 21:11:01 | 000,009,610 | -HS- | C] () -- C:\Users\Luigi\AppData\Local\tbfiuj2vtf1c6k5p5fm0tk3a5hlb1vq80f648vyqr7qcvu
[2011/12/21 21:11:01 | 000,009,610 | -HS- | C] () -- C:\ProgramData\tbfiuj2vtf1c6k5p5fm0tk3a5hlb1vq80f648vyqr7qcvu
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/07/05 22:32:11 | 000,000,016 | ---- | C] () -- C:\windows\System32\asdict.dat
[2013/05/06 22:56:52 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\@
[2013/04/30 21:09:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\L
[2013/05/07 23:16:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\U
[2009/07/14 14:12:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2011/08/11 09:47:51 | 000,000,000 | ---- | M] ()(C:\windows\System32\?????) -- C:\windows\System32\獷楬汢捯污
[2011/08/11 09:47:51 | 000,000,000 | ---- | C] ()(C:\windows\System32\?????) -- C:\windows\System32\獷楬汢捯污


:commands
[emptytemp]
[reboot]

<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />

 

[LuigiAU]

Hi Kuttus,

This fix was run twice as the first time I removed the USB which is was trying to write the log to accidentally. Here are both of the files:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Folder C:\Users\Luigi\AppData\Roaming\Mozilla\Firefox\Profiles\ykry9tvv.default\extensi​ons\anttoolbar@ant.com\ not found.
C:\Users\Luigi\AppData\Roaming\Mozilla\Firefox\Profiles\12vq7hij.default-1365583746560\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash64.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
C:\Users\Luigi\AppData\Roaming\Kariiw folder moved successfully.
C:\Users\Luigi\AppData\Roaming\Asiv folder moved successfully.
C:\Users\Luigi\AppData\Roaming\Hizy folder moved successfully.
C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
File C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
C:\Users\Luigi\AppData\Local\tbfiuj2vtf1c6k5p5fm0tk3a5hlb1vq80f648vyqr7qcvu moved successfully.
C:\ProgramData\tbfiuj2vtf1c6k5p5fm0tk3a5hlb1vq80f648vyqr7qcvu moved successfully.
C:\Windows\System32\xlive.dll.cat moved successfully.
C:\Windows\System32\asdict.dat moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\@ moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\U folder moved successfully.
C:\windows\assembly\Desktop.ini moved successfully.
C:\Windows\System32\獷楬汢捯污 moved successfully.
File C:\windows\System32\獷楬汢捯污 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luigi
->Temp folder emptied: 6508973 bytes
->Temporary Internet Files folder emptied: 18158235883 bytes
->Java cache emptied: 8983631 bytes
->FireFox cache emptied: 276288732 bytes
->Google Chrome cache emptied: 7578124 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3074 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2446686 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 236482189 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 406592141 bytes

Total Files Cleaned = 18,218.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05122013_194851

------------------------------------------------------------------

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Folder C:\Users\Luigi\AppData\Roaming\Mozilla\Firefox\Profiles\ykry9tvv.default\extensi​ons\anttoolbar@ant.com\ not found.
File C:\Users\Luigi\AppData\Roaming\Mozilla\Firefox\Profiles\12vq7hij.default-1365583746560\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Folder C:\Users\Luigi\AppData\Roaming\Kariiw\ not found.
Folder C:\Users\Luigi\AppData\Roaming\Asiv\ not found.
Folder C:\Users\Luigi\AppData\Roaming\Hizy\ not found.
File C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\windows\System32\perfh009.dat not found.
File C:\windows\System32\perfc009.dat not found.
File C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\Users\Luigi\AppData\Local\tbfiuj2vtf1c6k5p5fm0tk3a5hlb1vq80f648vyqr7qcvu not found.
File C:\ProgramData\tbfiuj2vtf1c6k5p5fm0tk3a5hlb1vq80f648vyqr7qcvu not found.
File C:\windows\System32\xlive.dll.cat not found.
File C:\windows\System32\asdict.dat not found.
File C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\@ not found.
Folder C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\L\ not found.
Folder C:\$RECYCLE.BIN\S-1-5-18\$8bb065065cc2cc421dff94194c86a39a\U\ not found.
File C:\windows\assembly\Desktop.ini not found.
File C:\windows\System32\獷楬汢捯污 not found.
File C:\windows\System32\獷楬汢捯污 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luigi
->Temp folder emptied: 110063 bytes
->Temporary Internet Files folder emptied: 145304367 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1226507 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8423 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05122013_200848

Files\Folders moved on Reboot...
C:\Users\Luigi\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-------------------------------------------------------------------

Thanks!

 

[LuigiAU]

EDIT: Multiple Posts

 

[LuigiAU]

Thanks! there they are.

 

[kuttus]

STEP 1: Run a scan with Farbar Service Scanner

<ol> <li>Download Farbar Service Scanner from the below link.
<><a title="External link" href="http://download.bleepingcomputer.com/farbar/FSS.exe" rel="external">FABAR SERVICE SCANNER</a></> <em> (This link will automatically download Farbar Service Scanner on your computer)</em></li>
<li>Run the ulity and checkmark all the boxes</li>
<li> Click on the Scan button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/09/fabar.png" /></li>
<li>Add the log that will produce in your next reply.</li></ol>
<hr />

 

[LuigiAU]

Done, here it is.

 

[kuttus]

Download the following regfix files and open the RegFix files one by one... Click YES when you get UAC prompt.

1. MpsSvc
2. wscsvc
3. WinDefend

After that restart your computer....

After the reboot run the Farbar Service Scanner once agagin and send me the logs.

 

[LuigiAU]

Second log attached...

 

[kuttus]

Do you run the above Reg Fixes?

 

[LuigiAU]

Yes, I can run them again and scan again?

 

[kuttus]

It seems the Fixes is not worked. Please run the registry Fixes once again......

MpsSvc
wscsvc
WinDefend

 

[LuigiAU]

Ran them again in the same way, reboot then scanned.

 

[kuttus]

Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix

Please read and follow very carefully the below instructions​

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
<>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em> performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</>.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------------

How to run the Combofix scan :

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you.
   [*]Please include the C:\ComboFix.txt in your next reply.

Additional notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li> If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>



<hr />

 

[LuigiAU]

The laptop was restarted during the scan, and antivirus programs that run on startup (AVG, Malwarebytes) were started also. I stopped them when I noticed but I'm not sure if this will effect results?

Log file is attached:

 

[kuttus]

STEP 1 : Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSKiller from the below link.
<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> <em>(This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>VERY IMPORTANT!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />
STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

---

STEP 3: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>

 

[LuigiAU]

Cannot download AdwCleaner on other computer will, try a 3rd and get back to you.

Other logs attached:

 

[kuttus]

Okay.

 

[LuigiAU]

Run as asked, here is the log:

 

[kuttus]

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

---

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

---

STEP 2: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />