Go to Start > Run and copy then paste
sc stop MsSecurity1.209.4
then click OK
Now again go to Start > Run and copy and paste
sc delete MsSecurity1.209.4
then click OK
----------
Open Hijackthis and select Do a system scan only then place a check mark next to (if there)
- O4 - HKLM\..\Run: [ynupuhwb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ynupuhwb.dll"
- O4 - HKLM\..\Run: [1cbf3279] rundll32.exe "C:\WINDOWS\system32\tedpyuln.dll",b
- O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\ASKS~1\arpa.exe" -vt yazb
- O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
Now click Fix checked
----------
Download OTMoveIt2 by OldTimer
- Save it to your desktop.
- Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\winself.exe
C:\PROGRA~1\COMMON~1\ASKS~1\arpa.exe
C:\WINDOWS\system32\tedpyuln.dll
C:\Documents and Settings\All Users\Application Data\ynupuhwb.dll
- Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the Yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
----------
Post the OTMoveIt log and run a new Hijackthis scan and post that log.
If you are still stuck in safe mode then try to run SDFix again and get a log from that.
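
How the checked HijackThis entries above map to the service name used with `sc` and to the file list pasted into OTMoveIt2, as an added example that is not part of the original post. The function names are illustrative, and the parsing assumes that any path containing spaces is quoted, as it is in the entries shown.

```python
import re

# O4 = Run-key autostart entry, O23 = Windows service, as printed by HijackThis.
O4 = re.compile(r'^\W*O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.+)$')
O23 = re.compile(r'^\W*O23 - Service: .+ \(([^()]+)\) - .+? - (.+?)( \(file missing\))?$')
LOADERS = {"regsvr32", "regsvr32.exe", "rundll32", "rundll32.exe"}

def _path(token):
    """Strip quotes and a trailing ',entrypoint' from one command token."""
    quoted = re.match(r'"([^"]*)"', token)
    return quoted.group(1) if quoted else token.split(",", 1)[0]

def target_of(command):
    """Return the file an autostart command actually loads."""
    tokens = re.findall(r'"[^"]*"\S*|\S+', command)
    first = _path(tokens[0])
    if first.lower().rsplit("\\", 1)[-1] in LOADERS:
        # regsvr32/rundll32 are only hosts; the DLL is the first non-switch argument.
        for tok in tokens[1:]:
            if not tok.startswith(("/", "-")):
                return _path(tok)
    return first

def cleanup_plan(log_lines):
    """Return (service names, file paths) referenced by O4/O23 lines, in log order."""
    services, files = [], []
    for line in log_lines:
        if (m := O4.match(line)):
            path = target_of(m.group(3))
        elif (m := O23.match(line)):
            services.append(m.group(1))   # short name in parentheses, as used by sc
            path = m.group(2)             # kept even when flagged "(file missing)"
        else:
            continue
        if path not in files:
            files.append(path)
    return services, files

# The four entries checked in the post above.
CHECKED = [
    r'- O4 - HKLM\..\Run: [ynupuhwb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ynupuhwb.dll"',
    r'- O4 - HKLM\..\Run: [1cbf3279] rundll32.exe "C:\WINDOWS\system32\tedpyuln.dll",b',
    r'- O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\ASKS~1\arpa.exe" -vt yazb',
    r'- O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)',
]

if __name__ == "__main__":
    services, files = cleanup_plan(CHECKED)
    print("\n".join(f"sc stop {s}\nsc delete {s}" for s in services))
    print("\n".join(files))
```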