DEVASTATION!

I had Microsoft Security Essentials and it did not protect me from something that has infected my system. I uninstalled Security Essentials and installed Avast. I did a boot scan and it found a few things, which were fixed. I also ran Malwarebytes and SUPERAntiSpyware. The problem persists:
I cannot get Security Center to start (something keeps disabling it), and on both my browsers, IE and Firefox, I keep getting redirected to various sites.

Here is a log from HijackThis; PLEASE SOMEONE HELP!

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when he arrives here later today…

Malware and SUPERAntiSpyware did not find anything. Avast found the following at boot scan: Trojan.Agent/Gen-Fraudpack.
I redid a boot scan and nothing else was found. Now I have this problem: even though I start Security Center in Services, after about 1 minute it becomes disabled, and both my browsers redirect me to a site, SECURE.BIDVERTISER.COM

Was Malwarebytes updated when you scanned?

Follow the guide I linked to and post the OTS log

All the pertinent anti malware progs were updated. I have a log of Spybot that has some entries; can I post it here? Also Java stopped working!

You may, but what Essexboy needs is the OTS log

Modern malware will hide all, or most of itself from detection in a HijackThis log. HijackThis (HJT) is very popular, and if malware can hide from it, it has a better chance of survival. But mostly HJT fails to detect malware because, with the exception of some bug fixes and minor updates, it has not been updated in a long time.

Sorry for my ignorance but what is OTS?

Diagnostic program like HijackThis only 100 times better

Click the link in my first reply

Here you can read about the older version, OTL
http://www.geekstogo.com/otl-by-oldtimer-a-modern-replacement-for-hijackthis/

Not to mention HJT hasn’t had an update in well over a year and any supposed security/analysis tool that isn’t updated is pretty much worthless.

I downloaded OTL from SourceForge but the rar file does not contain an exe or an install application?

Don’t you have software to extract it?
For example: 7-zip

You can download it here:
http://www.filehippo.com/download_7zip_32/

If you use the link to the guide I posted http://forum.avast.com/index.php?topic=53253.0 then scroll down until you see the blue OTS and click it

OK I have OTL running now; Will post the log when finished.
Thank you all very much for your help. I hope it works. By the way I had Zip installed but after the infection it disappeared?

When you post the OTS log could you give me a brief synopsis of your problems

Since the infection: Security center keeps turning off even though I start it in services. Web Browsers keep rerouting me to SECURE.BIDVERTISER.COM

Hope someone can help me ??? Thanks Guys!

Let me know if there are any problems after this run

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\] > -> HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\AutoRun\command -> 
YN -> \{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\AutoRun\command\\"" -> [C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta]
[Files/Folders - Modified Within 30 Days]
NY ->  Xwhh.job -> C:\Windows\tasks\Xwhh.job
[Files - No Company Name]
NY ->  Xwhh.job -> C:\Windows\tasks\Xwhh.job
NY ->  jbVCOnAtBW3OI.vbs -> C:\Users\yiannis\AppData\Roaming\jbVCOnAtBW3OI.vbs
NY ->  EWdIz4w.vbs -> C:\Users\yiannis\AppData\Roaming\EWdIz4w.vbs
NY ->  9bfPeGEvV9a4oCd.vbs -> C:\Users\yiannis\AppData\Roaming\9bfPeGEvV9a4oCd.vbs
NY ->  3Nx0EFJcDjB5Z.vbs -> C:\Users\yiannis\AppData\Roaming\3Nx0EFJcDjB5Z.vbs
NY ->  m6t5X4g.vbs -> C:\Users\yiannis\AppData\Roaming\m6t5X4g.vbs
[File - Lop Check]
NY ->  Xwhh.job -> C:\Windows\Tasks\Xwhh.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

Here it is and thanks for your help:

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\AutoRun\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\AutoRun\command not found.
[Files/Folders - Modified Within 30 Days]
C:\Windows\tasks\Xwhh.job moved successfully.
[Files - No Company Name]
File C:\Windows\tasks\Xwhh.job not found!
C:\Users\yiannis\AppData\Roaming\jbVCOnAtBW3OI.vbs moved successfully.
C:\Users\yiannis\AppData\Roaming\EWdIz4w.vbs moved successfully.
C:\Users\yiannis\AppData\Roaming\9bfPeGEvV9a4oCd.vbs moved successfully.
C:\Users\yiannis\AppData\Roaming\3Nx0EFJcDjB5Z.vbs moved successfully.
C:\Users\yiannis\AppData\Roaming\m6t5X4g.vbs moved successfully.
[File - Lop Check]
File C:\Windows\Tasks\Xwhh.job not found!
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\yiannis\Desktop\cmd.bat deleted successfully.
C:\Users\yiannis\Desktop\cmd.txt deleted successfully.
[Empty Temp Folders]

User: All Users
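
An added example, not part of the thread and not OTS's own code: a small Python reader for a fix log in the format posted above. It collapses the repeated entries (the same file or key is listed under several sections, sometimes with different case or a trailing backslash) so that a "not found" line is only reported when the item was never removed by an earlier section. The sample lines are adapted from the log above; the function names are hypothetical.

```python
import re

# Sample lines adapted from the OTS fix log posted in this thread.
SAMPLE_LOG = r"""
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\AutoRun\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3b6e40-f96d-11df-a960-806e6f6e6963}\shell\AutoRun\command not found.
[Files/Folders - Modified Within 30 Days]
C:\Windows\tasks\Xwhh.job moved successfully.
[Files - No Company Name]
File C:\Windows\tasks\Xwhh.job not found!
C:\Users\yiannis\AppData\Roaming\EWdIz4w.vbs moved successfully.
[File - Lop Check]
File C:\Windows\Tasks\Xwhh.job not found!
"""

# "<optional prefix><target> <result>" as the result lines appear in the log.
LINE = re.compile(
    r"^(?:Registry (?:key|value) |File )?(?P<target>.+?) "
    r"(?P<result>deleted successfully|moved successfully|not found)[.!]?$"
)

def normalize(target):
    # The same object shows up with different case or a trailing backslash.
    return target.rstrip("\\").lower()

def summarize(log_text):
    """Return {normalized target: 'removed' | 'never found'} in first-seen order."""
    status = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, command output, blank lines
        key = normalize(m["target"])
        if m["result"] != "not found":
            status[key] = "removed"
        else:
            # Keep "removed" when an earlier section already handled this item.
            status.setdefault(key, "never found")
    return status

def never_found(log_text):
    """Targets the fix listed but that no section actually located."""
    return [t for t, s in summarize(log_text).items() if s == "never found"]

if __name__ == "__main__":
    for target, state in summarize(SAMPLE_LOG).items():
        print(f"{state:12} {target}")
```

On the sample, the `Xwhh.job` task and the `AutoRun\command` key both come out as removed despite their later "not found" lines, and only the `CLSID` key is reported as never found.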

OH! OH! Security Center still turns off. If I instruct it to turn on it refuses, and the only way to turn it on is through Services, but it reverts back to disabled after about a minute.

OK phase two now -

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
* Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I disabled Avast but ComboFix keeps telling me that it is still active??? I disabled Avast from the Start menu and rebooted, and although Avast is not running, Combo insists it is???