[Active] virus scanners and IE wont open error message

gyan19 · #1 (**permalink**) 16-07-2009, 09:43 AM

yesterday i downloaded what seems to be an update for flash .xflv then problems arise:
1. i cant scan my PC for virus im using norton 360
2. cant open IE error message: a problem caused the program to stop working correctly. windows will close the program and notify you if a solution is available
3.mozilla keeps on crashing

some steps i've gone thru:
1. disable norton downloaded avira i'll post the log
2. downloaded cleaner and run it
3. downloaded malwarebytes at first it wont run i changed the name of the .exe- run on full scan and hangs on d:\windows\system32\config\DEFAULT
4. downloaded super antispywareat first it wont run downloaded RUNAS.exe i post the log
5. downloaded hijackthis... cant open error message: a problem caused the program to stop working correctly. windows will close the program and notify you if a solution is available

can you please help me. its been 2 days and i havent slept because im trying to save this computer. thanks in advance

broni · #2 (**permalink**) 17-07-2009, 12:45 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

gyan19 · #3 (**permalink**) 18-07-2009, 02:28 AM

ComboFix 09-07-14.08 - giancarlo 07/17/2009 18:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1661.986 [GMT -7:00]
Running from: c:\users\giancarlo\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2049136128-3216804590-1937335049-500
c:\users\giancarlo\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\windows\Installer\cc44cf.msi
c:\windows\system32\ESQULpddfhkiqhnrtxcnwhyeyxgrec cbbrikj.dll
c:\windows\system32\ESQULqwychbmqxqipoiqpntmxkvvvn rvbmseb.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-17 22:35 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715. 003\IDSXpx86.sys
2009-07-17 22:35 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715. 003\IDSvix86.sys
2009-07-17 22:35 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715. 003\Scxpx86.dll
2009-07-17 22:35 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715. 003\IDSxpx86.dll
2009-07-17 22:35 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715. 003\IDSviA64.sys
2009-07-17 15:14 . 2009-07-15 12:19 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\NAVENG.SYS
2009-07-17 15:14 . 2009-07-15 12:19 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\NAVEX15.SYS
2009-07-17 15:14 . 2009-07-15 12:19 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\NAVENG32.DLL
2009-07-17 15:14 . 2009-07-15 12:19 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\NAVEX32A.DLL
2009-07-17 15:14 . 2009-07-15 12:19 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\ERASER.SYS
2009-07-17 15:14 . 2009-07-15 12:19 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\EECTRL.SYS
2009-07-17 15:14 . 2009-07-15 12:19 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\ECMSVR32.DLL
2009-07-17 15:14 . 2009-07-15 12:19 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 7.006\CCERASER.DLL
2009-07-16 03:11 . 2009-07-16 03:11 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Malwarebytes
2009-07-16 03:05 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 03:05 . 2009-07-16 03:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-16 03:05 . 2009-07-16 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 03:05 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 02:13 . 2009-07-18 00:15 117760 ----a-w- c:\users\giancarlo\AppData\Roaming\SUPERAntiSpywar e.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-16 02:13 . 2009-07-16 02:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-16 01:59 . 2009-07-16 02:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-16 01:59 . 2009-07-16 01:59 -------- d-----w- c:\users\giancarlo\AppData\Roaming\SUPERAntiSpywar e.com
2009-07-16 01:58 . 2009-07-16 01:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-15 22:22 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-15 21:57 . 2009-07-15 21:57 -------- d-----w- c:\program files\Trend Micro
2009-07-15 21:19 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-15 21:19 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-15 20:10 . 2009-07-15 20:10 -------- d-----w- c:\windows\system32\ca-ES
2009-07-15 20:10 . 2009-07-15 20:10 -------- d-----w- c:\windows\system32\eu-ES
2009-07-15 20:10 . 2009-07-15 20:10 -------- d-----w- c:\windows\system32\vi-VN
2009-07-15 19:41 . 2009-07-15 19:41 -------- d-----w- c:\windows\system32\EventProviders
2009-07-15 19:37 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-15 19:35 . 2009-04-11 06:28 2012160 ----a-w- c:\windows\system32\milcore.dll
2009-07-15 19:34 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-07-15 19:33 . 2009-04-11 06:28 17408 ----a-w- c:\windows\system32\midimap.dll
2009-07-15 19:32 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-15 18:35 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 18:35 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 18:35 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 18:35 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 18:35 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 18:35 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-15 08:49 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712. 001\Scxpx86.dll
2009-07-15 08:49 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712. 001\IDSXpx86.sys
2009-07-15 08:49 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712. 001\IDSvix86.sys
2009-07-15 08:49 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712. 001\IDSxpx86.dll
2009-07-15 08:49 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712. 001\IDSviA64.sys
2009-07-15 08:47 . 2009-07-15 08:47 -------- d-----r- c:\program files\Norton Support
2009-07-15 08:12 . 2009-07-14 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\naveng.sys
2009-07-15 08:12 . 2009-07-14 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\navex15.sys
2009-07-15 08:12 . 2009-07-14 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\eeCtrl.sys
2009-07-15 08:12 . 2009-07-14 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\ecmsvr32.dll
2009-07-15 08:12 . 2009-07-14 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\cceraser.dll
2009-07-15 08:12 . 2009-07-14 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\naveng32.dll
2009-07-15 08:12 . 2009-07-14 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\navex32a.dll
2009-07-15 08:12 . 2009-07-14 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009071 4.039\eraser.sys
2009-07-15 07:51 . 2009-07-15 07:49 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn. dll
2009-07-15 07:51 . 2009-07-15 07:51 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-15 07:50 . 2009-07-15 07:50 -------- d-----w- c:\users\giancarlo\AppData\Local\Downloaded Installations
2009-07-15 07:50 . 2009-07-15 07:49 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-07-15 07:50 . 2009-07-15 08:47 -------- d-----w- c:\program files\Symantec
2009-07-15 07:50 . 2009-07-15 07:50 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-15 07:49 . 2009-07-15 07:49 1290592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-15 07:49 . 2009-07-15 07:49 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-15 07:49 . 2009-07-15 07:49 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl. dll
2009-07-15 07:49 . 2009-07-15 07:49 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-15 07:49 . 2009-07-15 07:49 -------- d-----w- c:\windows\system32\drivers\N360
2009-07-15 07:49 . 2009-07-15 07:49 -------- d-----w- c:\program files\Norton 360
2009-07-15 07:49 . 2009-07-15 07:52 -------- d-----w- c:\programdata\Norton
2009-07-15 07:49 . 2009-07-15 07:49 -------- d-----w- c:\programdata\NortonInstaller
2009-07-15 07:49 . 2009-07-15 07:49 -------- d-----w- c:\program files\NortonInstaller
2009-07-14 23:26 . 2009-07-14 23:26 -------- d-----w- c:\programdata\F-Secure
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID SXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID Svix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Sc xpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID Sxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID SviA64.sys
2009-06-27 01:59 . 2009-06-27 01:59 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-18 01:14 . 2008-03-22 04:16 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Spare Backup
2009-07-18 01:13 . 2009-03-19 02:09 -------- d-----w- c:\users\giancarlo\AppData\Roaming\DNA
2009-07-18 01:09 . 2009-03-28 21:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-17 07:56 . 2008-03-23 05:27 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Skype
2009-07-17 07:06 . 2008-03-23 05:28 -------- d-----w- c:\users\giancarlo\AppData\Roaming\skypePM
2009-07-16 22:13 . 2009-03-31 23:47 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-16 01:52 . 2007-11-19 15:18 -------- d-----w- c:\program files\Java
2009-07-16 01:51 . 2007-11-19 15:18 -------- d-----w- c:\program files\BigFix
2009-07-16 01:51 . 2007-11-19 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 01:30 . 2009-03-19 02:09 -------- d-----w- c:\program files\BitTorrent
2009-07-15 20:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-15 20:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-15 20:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 20:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-15 20:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-15 20:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-15 20:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-15 20:09 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-15 20:05 . 2009-07-15 20:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf
2009-07-15 19:55 . 2007-11-19 14:49 -------- d-----w- c:\programdata\Symantec
2009-07-15 19:51 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-15 07:55 . 2007-11-19 14:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 07:50 . 2009-07-15 07:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-15 07:50 . 2009-07-15 07:50 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-15 07:36 . 2008-03-22 04:16 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Symantec
2009-07-15 06:53 . 2008-06-17 04:30 -------- d-----w- c:\users\giancarlo\AppData\Roaming\LimeWire
2009-07-15 02:17 . 2009-03-19 02:10 -------- d-----w- c:\users\giancarlo\AppData\Roaming\BitTorrent
2009-06-15 05:11 . 2009-06-15 05:07 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Argali
2009-06-11 16:47 . 2007-11-19 15:10 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 16:45 . 2007-11-19 15:14 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 07:25 . 2009-06-10 07:25 1878984 ----a-w- c:\users\giancarlo\AppData\Roaming\Macromedia\Flas h Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-02 16:55 . 2009-06-02 16:54 -------- d-----w- c:\program files\iTunes
2009-06-02 16:55 . 2009-06-02 16:55 -------- d-----w- c:\program files\iPod
2009-06-02 16:54 . 2008-03-22 05:35 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 16:52 . 2009-06-02 16:52 -------- d-----w- c:\program files\QuickTime
2009-06-02 16:43 . 2009-06-02 16:43 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 05:47 . 2008-03-26 20:18 -------- d-----w- c:\programdata\Avg7
2009-05-29 20:36 . 2009-05-29 20:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-05-29 20:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-28 19:25 . 2008-03-24 23:52 -------- d-----w- c:\program files\DivX
2009-05-28 19:24 . 2009-05-28 19:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-23 06:01 . 2009-05-23 05:58 163188 ----a-w- c:\windows\hpqins00.dat
2009-05-21 18:33 . 2008-12-10 01:36 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 04:42 . 2009-05-16 04:41 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Brow se\NetTVResources.dll
2009-05-13 04:15 . 2008-03-22 04:16 70176 ----a-w- c:\users\giancarlo\AppData\Local\GDIPFONTCACHEV1.D AT
2009-04-23 17:37 . 2009-04-23 16:55 178413 ----a-w- c:\windows\hpwins20.dat
2009-04-23 12:15 . 2009-06-10 21:44 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 21:44 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-10 21:44 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 01:38 . 2008-08-27 00:42 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-08-12 05:00 . 2008-08-12 05:00 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\giancarlo\Program Files\DNA\btdna.exe" [2009-03-20 321344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-30 638976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-25 185872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-07-27 405504]

c:\users\giancarlo\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleD esktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):35,37,99,5d,8a,05,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{2318970D-A11D-4583-8C8A-BE7FF6079005}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F43D9129-2E55-4E92-BE35-2D38D1FB95F9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2A121C95-83E6-46A9-93ED-4C952E432D7D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EAF56954-0F3E-4A8A-9129-08E22C0AAF0A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1E9CFBBB-3395-4A1D-9E31-109E6115F690}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F5E1590C-A401-4DA4-9F62-3801D316A1CB}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2558930D-5365-4EEC-86F1-01A11C69F55F}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{52AECB14-FFDC-4A1A-B691-A9A2D686895B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C87C6660-24D9-4EDC-B1AE-7C0ABD35B39E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5D62467-7EF5-483C-9B5B-FA68087BEAAD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{127E910E-B60A-43E9-935B-B3F434890D09}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EF37A55D-64FF-40FD-A85A-54D260A56C89}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C263FC78-8A86-4A0F-8B9A-265CB56C1E43}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{7FAFA730-DADC-4488-8099-E8328AF624A3}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{D19DFFD4-FEA8-4C4E-AA6D-5BB495E2904D}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{F7B065C6-3FA8-4748-B268-9A0739237066}"= UDP:c:\users\giancarlo\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{747A16ED-CF69-4A1B-BEBB-2C99C0E3940D}"= TCP:c:\users\giancarlo\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{06177530-CF16-447F-8932-5487A5D8F901}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C7E0A7E5-5C0E-4366-9B71-B3262DB47D6D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{586B1658-DD73-4355-BC5D-6411B504FDE7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AF010D2E-1758-4B9C-9D51-99B67D5CD780}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6D6D5E69-6D4D-48AC-A86F-7F12325827D6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7E59DB41-3A41-4559-B06E-8825D8FCFAB0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A3C8EC8F-C71F-4610-84E1-3E372319DAD3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3EC7EEFA-5169-45F6-8DDF-0F8A093A88FA}"= UDP:c:\program files\DNA\btdna.exe

NA (TCP-In)
"{B9F674E6-E5F2-45B8-9CF2-6F88C3248519}"= TCP:c:\program files\DNA\btdna.exe

NA (UDP-In)
"{6BB7E4D1-1E33-4D5B-A3E4-C819AA5637E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{36A30636-DC99-4BFF-BB96-538DDD1C9792}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{E717381D-327C-404A-A61B-6A2BF5BDF51F}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
"{FE511DC3-A155-473C-AB0F-729123ADABC6}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
"{EFA53AD6-F6BD-4483-91C7-311261DD6787}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{BF396DD1-A160-4AFC-BEA0-BF1335074EE9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{DE57FC3F-FCCA-4E4F-A40A-224680C67F36}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{3489EA67-4DE4-41B4-B0A8-CA3165749524}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{989D1EFE-017C-4D6B-92A6-E1D2F840A141}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{2D223D3E-B1CD-4416-A0C1-23792D2D1AFB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{2845725C-2105-4864-805C-A8C0ECB9CA57}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{5F11470F-0735-44CF-BBA9-50B2B2F78F5E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{3527922D-83F9-4599-8D1A-14AF25706449}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{8963EB9C-8E2B-4995-8533-EA41043D4673}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{6EF6AA87-7D8B-48E9-AF78-90A3266A8789}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{FFEFC4A9-D3AB-4117-9698-7206F9CAC36C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{AC29ECC5-CFD7-4432-AFC8-5713F2910E80}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{FD230721-FFFD-474C-8C03-D54C6AF68675}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{101E583A-665C-4E17-A6E4-856ECF8119BB}"= Disabled:UDP:e:\setup\HPZnui01.exe:hpznui01.exe
"{F50419D4-F5B6-499C-9E96-CC1D1ECF447A}"= Disabled:TCP:e:\setup\HPZnui01.exe:hpznui01.exe
"{85E69CA4-849E-499A-A1CA-C930B6F88419}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A2CD0D56-C768-4E98-890B-635ECAF041C8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorre nt

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\030000 0.087\SymEFA.sys [7/15/2009 12:49 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.08 7\BHDrvx86.sys [7/15/2009 12:49 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000. 087\cchpx86.sys [7/15/2009 12:49 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715. 003\IDSvix86.sys [7/17/2009 3:35 PM 293424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [9/24/2008 11:06 AM 21504]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/15/2009 12:49 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/15/2009 10:01 PM 101936]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [1/13/2009 9:56 AM 346112]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.08 7\symndisv.sys [7/15/2009 12:49 AM 39984]
S3 BthAudioHF;BthAudioHF Service;c:\windows\System32\drivers\BthAudioHF.sys [7/10/2008 3:44 PM 30208]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [7/10/2008 3:43 PM 34816]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [7/10/2008 3:43 PM 15872]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/19/2007 8:17 AM 29744]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 3:25 AM 2589184]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{D5C9598D-4AB0-46DA-A46A-4B76527F8D6D}.job
- c:\windows\system32\msfeedssync.exe [2009-07-15 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_U S&Sys=PTB&M=T-1625
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\users\giancarlo\AppData\Roaming\Mozilla\Firefox \Profiles\5kd16wlg.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn. dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl. dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\users\giancarlo\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

************************************************** ************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

************************************************** ************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N 360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
************************************************** ************************
.
Completion time: 2009-07-18 18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 01:19

Pre-Run: 129,182,126,080 bytes free
Post-Run: 128,988,856,320 bytes free

360 --- E O F --- 2009-07-15 21:20

gyan19 · #4 (**permalink**) 18-07-2009, 02:31 AM

Is it normal that my wallpaper changed and IE was added in my desktop? and also after scanning all of the programs wont open and has error message : illeal operation is attempting to open registry key marked for deletion??? then i rebooted my pc and wall paper changed... what happened...

broni · #5 (**permalink**) 18-07-2009, 02:35 AM

What is your situation with antivirus program(s), because Combofix doesn't show any?

Don't worry about any errors for now, and don't try to fix anything.

I'm just going through your Combofix log.

broni · #6 (**permalink**) 18-07-2009, 02:42 AM

Uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.
Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Download HijackThis:
TrendSecure | Download TrendMicro HijackThis
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackTHis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator