So avast keeps blocking these URL Mal: hxxp://crossmatchx.com/x/ hxxp://85.195.92.11/x/ hxxp://paspartux.com/x/ all process from C:windows/system32/svchost.ese. It blocks it every 30 secs even if I'm off the net. I did a boot time scan which found some viruses, but didn't fix; I did a full time scan, also didn't find anything. I had to do the scan in safe mode because when I did the boot time scan, and it killed the viruses, my PC started to crash with the blue screen saying it's shutting down so the PC won't dmg. So I turn my PC on again, those URL Mal still popping up, but it takes 3-4 mins for the blue screen to show up and auto restart. Is there some way I can fix this? Any help or answer will help me a lot. Thanks.
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
So will I be able to do this in safe mode on my laptop? I wrote this post on my desktop. If I were to turn on my laptop it would crash in 3-4 mins. Thanks for the fast reply too.
I believe so, but I’m not a malware removal specialist.
It is also late for many of the malware specialists 12:10pm in the UK.
So there may be some delay due to differing time zones and availability of the volunteer malware removal specialists.
Thanks, I'm up late nights anyways, so will they come to me, or do I have to contact them somehow? Thanks for the information.
You attach the logs here … and the removers will reply here.
AdwCleaner v2.002 - Logfile created 09/22/2012 at 00:33:33
Updated 16/09/2012 by Xplode
Operating system : Windows 7 Professional Service Pack 1 (32 bits)
User : Owner - OWNER-PC
Boot Mode : Safe mode with networking
Running from : C:\Users\Owner\Downloads\adwcleaner.exe
Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\88276rxw.default\extensions\plugin@yontoo.com
***** [Registry] *****
***** [Internet Browsers] *****
-\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\ Mozilla Firefox v14.0.1 (en-US)
Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\88276rxw.default\prefs.js
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\88276rxw.default\user.js … Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113959&tt=3012_8&babsrc=NT_ss&mntr[…]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Okay, so that was the results of AdwCleaner, that's what u guys wanted, right? Do I keep going and do Malwarebytes' Anti-Malware?
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.22.02
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
Protection: Disabled
9/22/2012 1:36:46 AM
mbam-log-2012-09-22 (01-36-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184424
Time elapsed: 2 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Owner\Downloads\winrar setup.exe (PUP.AdBundle) → Quarantined and deleted successfully.
(end)
results for the Malwarebytes’ Anti-Malware
I did the scan OTL, it said 2 notepads were supposed to open but only one did. Also, when I finished the OTL scan my internet browsing experience was so much better, I don't get connection fail errors, no huge lags for www.google.com or yahoo. I'm still in safe mode though.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-22 02:51:38
02:51:38.160 OS Version: Windows 6.1.7601 Service Pack 1
02:51:38.160 Number of processors: 1 586 0x170A
02:51:38.161 ComputerName: OWNER-PC UserName: Owner
02:51:39.861 Initialize success
02:51:41.441 AVAST engine defs: 12092100
02:52:36.722 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
02:52:36.725 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40F Size: 238475MB BusType: 11
02:52:36.737 Disk 0 MBR read successfully
02:52:36.740 Disk 0 MBR scan
02:52:37.225 Disk 0 Windows 7 default MBR code
02:52:37.237 Disk 0 MBR hidden
02:52:37.247 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:52:37.753 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
02:52:37.798 Disk 0 scanning sectors +488394752
02:52:38.319 Disk 0 scanning C:\Windows\system32\drivers
02:52:54.748 Service scanning
02:53:21.386 Modules scanning
02:53:30.717 Disk 0 trace - called modules:
02:53:30.719 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855af4b1]<<
02:53:30.719 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x852dc7c8]
02:53:30.719 3 CLASSPNP.SYS[8a7ad59e] → nt!IofCallDriver → [0x854e82a0]
02:53:30.720 \Driver\atapi[0x854d99b0] → IRP_MJ_CREATE → 0x855af4b1
02:53:31.688 AVAST engine scan C:\Windows
02:53:33.144 AVAST engine scan C:\Windows\system32
02:55:12.792 AVAST engine scan C:\Windows\system32\drivers
02:55:23.481 AVAST engine scan C:\Users\Owner
02:55:54.783 AVAST engine scan C:\ProgramData
02:56:17.273 Scan finished successfully
02:58:38.716 Disk 0 MBR has been saved successfully to “C:\Users\Owner\Desktop\MBR.dat”
02:58:38.723 The log file has been saved successfully to “C:\Users\Owner\Desktop\Logs2.txt”
results for the aswMBR.exe
Okay, so all in all I keep getting the same 3 URL MAL out of safe mode, but my internet experience is much faster in safe mode, as to it was giving lost connection or just really really bad lag. All that is cured, so what's the next step into trying to fix the hxxp://crossmatchx.com/x/ hxxp://85.195.92.11/x/ hxxp://paspartux.com/x/? Every 30 secs avast blocks them and then in 3-4 mins my PC crashes with the blue screen saying it's shutting down to prevent dmg to my PC.
@suerblue
Download OTL from one of the following links:
[*] Download link1
[*] Download link2
Remember to save it on your Desktop.
[*] Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*] Click on Scan All Users
[*] Paste this into Custom Scans/Fixes box at the bottom
netsvcs
drives
CREATERESTOREPOINT
BASESERVICES
C:\*.* /md5
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
[*] Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*] When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*] Please attach ( Attachments and other options ) them in this thread.
okay there we go.
Hi,
Preparation …
First we need to remove former antivirus leftovers. I see traces of Symantec (Norton), AVG and avast.
Running - more than one - antivirus program is not recommended because:
[*]They can conflict with each other.
[*]Report the other antivirus software as malicious.
[*]Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer.
[*]Can cause your computer to become unstable…run slowly and even, in rare cases, BSOD crash…etc
I strongly suggest you uninstall and leave just one of them.
Which one, is your decision.
Then …
Download AppRemover (~ 6MB) on Desktop .
- Run it by double-clicking…
- Click Next, choose the second option (Clean Up a Failed Uninstall), confirm with Continue, go to Next, wait for it to finish, choose what it finds, scan and remove it by clicking on Next.
Malware removal…
Step#1
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by double-clicking on it.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\ , for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Step#2
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
How to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports (ComboFix.txt) back to topic.
Here's the TDSSKiller.exe results.
Oh yeah, I forgot, the app remover found nothing.
Okay, ComboFix ran smooth, I'll stand by until u tell me what's next to do.
Okay, so I'm finally out of safe mode and surprisingly, avast isn't popping up with the 3 URL MAL, and no crashes with the blue screen, and it's not running terribly slow. It seems to be back to how it used to be. I'm hoping I don't get any ugly surprises.
We working in progress 8)
Re-run TDSSKiller then click on Change parameters.
[*] Put a checkmark beside loaded modules.
[*] A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
[*] Then click on Change parameters in TDSSKiller.
[*] Check all boxes then click OK.
[*] Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
[*] Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”.
[*] Please attach the contents of that file here.