WiredWX Hobby Weather Tools

PC Infected with malwares ... Please help

Re: PC Infected with malwares ... Please help
Sneakyone wrote:
Hi, Smile...

I have had that happen before and it worked fine, please continue with the installation and instructions and we will see what happens. Right On!


Dear Sneakyone,

I did go through with the installation, and when I try to Update or Scan, the error (VbAccelerator SGrid II Control) shown in the attached picture always comes up, and the program (Anti-Malwarebytes) does not operate (when I press Update or Scan).

I tried to uninstall and reinstall; the same thing happens (the program Anti-Malwarebytes does not work/operate).

What should I do now?

Re: PC Infected with malwares ... Please help
Hi, Smile...

Could you please run ComboFix again. Right On!

Re: PC Infected with malwares ... Please help
Sneakyone wrote:
Hi, Smile...

Could you please run ComboFix again. Right On!


Dear Sneakyone,

OK, I will run ComboFix again and will be back to report (post the ComboFix.log).

One more thing I should report to you: since Anti-Malwarebytes does not work, I tried to uninstall and reinstall it, and this time this error came up (see the attached picture, please).

[attached screenshot]

Regards,
SV

Re: PC Infected with malwares ... Please help
Dear Sneakyone,
Below is the log from the ComboFix rerun.
Regards,
SV
****


ComboFix 10-07-16.02 - Mr 07/23/2010 10:31:20.2.2 - x86
Running from: c:\documents and settings\Mr\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\RKHit.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-20 19:09 . 2010-07-20 19:19 -------- d-----w- C:\commy4612c
2010-07-20 17:04 . 2010-07-20 17:06 -------- d-----w- C:\commy
2010-07-20 10:33 . 2010-07-20 10:33 3738809 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\ComboFix_974\ComboFix.exe
2010-07-19 18:09 . 2010-07-19 18:18 -------- d-----w- c:\program files\Perfect Uninstaller
2010-07-19 06:43 . 2010-07-19 06:43 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\VS Revo Group
2010-07-19 06:43 . 2009-12-30 04:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-07-19 06:43 . 2010-07-19 06:43 -------- d-----w- c:\program files\VS Revo Group
2010-07-17 16:54 . 2010-07-17 16:54 -------- d-----w- c:\program files\Common Files\Java
2010-07-17 16:53 . 2010-07-17 16:53 -------- d-----w- c:\program files\Sun
2010-07-17 16:52 . 2010-07-17 16:52 -------- d-----w- c:\program files\Java
2010-07-16 15:30 . 2010-07-20 03:24 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\Symantec
2010-07-16 06:46 . 2010-07-16 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Grass Valley
2010-07-16 06:39 . 2010-07-16 06:39 -------- d-----w- c:\program files\Grass Valley
2010-07-16 06:39 . 2010-07-16 06:39 -------- d-----w- c:\program files\Common Files\Grass Valley
2010-07-16 06:39 . 2007-08-24 09:09 3072 ----a-w- c:\windows\hasp_windows.dll
2010-07-16 06:39 . 2007-08-24 05:36 2560 ----a-w- c:\windows\system32\pavedius.dll
2010-07-15 07:52 . 2010-07-15 07:52 -------- d-----w- c:\documents and settings\Mr\Application Data\Cakewalk
2010-07-15 05:20 . 2010-07-15 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-15 05:14 . 2010-07-15 05:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-14 17:07 . 2010-07-14 17:21 -------- d-----w- c:\program files\Registry Easy
2010-07-14 16:55 . 2010-07-14 16:55 -------- d-----w- c:\documents and settings\Mr\Application Data\URSoft
2010-07-14 16:55 . 2010-07-22 02:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 16:55 . 2010-07-14 16:59 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-07-13 14:57 . 2010-07-13 14:57 -------- d-----w- c:\documents and settings\Mr\Application Data\Malwarebytes
2010-07-13 06:46 . 2010-07-13 06:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 04:28 . 2010-07-23 01:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-13 03:42 . 2010-07-13 03:42 -------- d-----w- c:\windows\Sun
2010-07-13 03:41 . 2010-07-13 03:41 503808 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\msvcp71.dll
2010-07-13 03:41 . 2010-07-13 03:41 499712 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\jmc.dll
2010-07-13 03:41 . 2010-07-13 03:41 348160 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\msvcr71.dll
2010-07-13 03:41 . 2010-07-13 03:41 61440 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24e6d022-n\decora-sse.dll
2010-07-13 03:41 . 2010-07-13 03:41 12800 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24e6d022-n\decora-d3d.dll
2010-07-13 03:41 . 2010-07-17 16:53 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 14:53 . 2010-07-08 14:53 -------- d-----w- c:\documents and settings\Mr\Application Data\Avnex
2010-07-08 14:42 . 2010-07-08 15:44 -------- d-----w- c:\program files\AV Video Karaoke Maker
2010-07-08 13:37 . 2010-07-08 13:37 9005002 ----a-w- c:\windows\xuat.scr
2010-07-08 03:33 . 2010-07-08 03:34 -------- d-----w- c:\documents and settings\Mr\Application Data\Steinberg
2010-07-08 03:27 . 2007-12-08 17:32 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2010-07-08 03:27 . 2007-12-08 17:32 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2010-07-08 03:27 . 2007-12-08 17:32 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 85504 ----a-w- c:\windows\system32\encdnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2010-07-08 03:27 . 2007-12-08 17:32 61952 ----a-w- c:\windows\system32\decdnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2010-07-08 03:27 . 2007-12-08 17:32 352768 ----a-w- c:\windows\system32\pngu3263.dll
2010-07-08 03:27 . 2007-12-08 17:32 131072 ----a-w- c:\windows\system32\pneng50.dll
2010-07-08 03:27 . 2007-12-08 17:32 130560 ----a-w- c:\windows\system32\pnc3250.dll
2010-07-08 03:27 . 2010-07-08 17:43 -------- d-----w- c:\program files\Steinberg
2010-07-08 03:16 . 2005-05-09 13:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2010-07-08 03:15 . 2005-11-03 05:17 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2010-07-08 03:15 . 2005-11-03 10:14 45056 ----a-w- c:\windows\system32\Synsopos.exe
2010-07-08 03:15 . 2010-07-08 03:15 -------- d-----w- c:\program files\Syncrosoft
2010-07-08 03:15 . 2005-11-08 13:02 708608 ----a-w- c:\windows\system32\SYNSOACC.dll
2010-07-08 03:15 . 2005-11-08 04:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2010-07-07 04:38 . 2010-07-07 04:39 -------- d-----w- C:\Cakewalk Projects
2010-07-07 04:38 . 2010-07-07 04:39 -------- d-----w- c:\program files\Cakewalk
2010-07-07 04:38 . 2003-09-21 18:00 180224 ----a-w- c:\windows\system32\ReWire.dll
2010-07-02 14:40 . 2010-07-02 14:42 131072 ----a-w- c:\documents and settings\Mr\Application Data\Netscape\Plugins\npPxPlay.dll
2010-07-02 14:40 . 2010-07-02 14:42 131072 ----a-w- c:\documents and settings\Mr\Application Data\Mozilla\Plugins\npPxPlay.dll
2010-07-02 14:40 . 2010-07-02 14:40 -------- d-----w- c:\documents and settings\Mr\Application Data\Netscape
2010-07-02 14:37 . 2010-07-02 14:37 -------- d-----w- c:\documents and settings\Mr\Application Data\Photodex
2010-06-26 10:02 . 2010-06-26 10:02 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\Help
2010-06-23 09:16 . 2010-06-23 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 03:36 . 2010-05-18 11:12 -------- d-----w- c:\documents and settings\Mr\Application Data\DMCache
2010-07-22 14:21 . 2008-12-04 05:42 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-21 17:47 . 2010-06-19 12:36 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-07-20 10:17 . 2009-12-07 08:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 00:39 . 2010-05-18 09:56 -------- d-----w- c:\program files\Bonjour
2010-07-19 05:38 . 2010-07-19 05:38 1536 ----a-w- c:\windows\~DFEE94.tmp
2010-07-19 05:38 . 2010-07-19 05:38 1536 ----a-w- c:\windows\~DF8D6F.tmp
2010-07-19 05:38 . 2010-07-19 05:36 1536 ----a-w- c:\windows\~DF816D.tmp
2010-07-19 05:25 . 2010-07-19 05:23 1536 ----a-w- c:\windows\~DFDBA5.tmp
2010-07-17 00:54 . 2010-05-19 16:07 -------- d-----w- c:\program files\TypingMaster
2010-07-16 06:42 . 2010-07-16 06:42 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2010-07-16 06:42 . 2010-07-16 06:42 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-07-16 06:39 . 2008-12-04 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 17:36 . 2009-12-06 13:31 24 ----a-w- c:\windows\popcinfo.dat
2010-07-14 17:30 . 2009-12-06 13:33 -------- d-----w- c:\program files\PopCap Games
2010-07-14 17:19 . 2010-05-18 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-14 15:22 . 2010-05-25 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-13 07:20 . 2010-05-25 22:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 05:41 . 2010-05-18 11:12 -------- d-----w- c:\documents and settings\Mr\Application Data\IDM
2010-07-08 11:49 . 2008-12-04 05:46 126912 ----a-w- c:\documents and settings\Mr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 04:38 . 2010-05-18 15:48 -------- d-----w- c:\program files\Sony
2010-06-29 04:36 . 2010-05-21 03:08 -------- d-----w- c:\program files\Pinnacle
2010-06-29 00:23 . 2010-05-19 02:02 0 ----a-w- c:\documents and settings\Mr\Local Settings\Application Data\prvlcl.dat
2010-06-22 12:32 . 2010-05-28 02:58 -------- d-----w- c:\program files\JetAudio
2010-06-21 13:45 . 2010-06-16 02:06 -------- d-----w- c:\documents and settings\Mr\Application Data\3D-Album
2010-06-16 13:39 . 2008-12-04 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-16 03:47 . 2010-06-16 03:37 -------- d-----w- c:\program files\Softonic-Eng7
2010-06-16 03:37 . 2010-06-16 03:37 -------- d-----w- c:\program files\Conduit
2010-06-15 00:23 . 2010-06-16 13:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-11 07:44 . 2010-05-19 15:58 -------- d-----w- c:\documents and settings\Mr\Application Data\MTD
2010-06-09 23:01 . 2010-07-13 07:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-13 07:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-13 07:19 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-07-13 07:19 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-13 07:19 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2010-05-18 04:09 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-03 16:23 . 2010-05-18 07:31 765976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-28 03:00 . 2010-05-28 03:00 -------- d-----w- c:\documents and settings\Mr\Application Data\COWON
2010-05-28 02:58 . 2010-05-28 02:58 -------- d-----w- c:\program files\Common Files\COWON
2010-05-28 02:24 . 2010-05-19 02:10 -------- d-----w- c:\program files\Winamp
2010-05-28 02:23 . 2010-05-26 23:45 -------- d-----w- c:\program files\Common Files\Common Share
2010-05-26 23:17 . 2010-05-26 23:17 -------- d-----w- c:\documents and settings\Mr\Application Data\Media Player Classic
2010-05-26 14:23 . 2010-05-21 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-05-26 14:11 . 2010-05-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-05-25 19:37 . 2010-05-25 19:36 -------- d-----w- c:\documents and settings\Mr\Application Data\DivX
2010-05-21 23:40 . 2004-08-04 01:07 1033728 ----a-w- c:\windows\explorer.exe
2010-05-21 17:17 . 2010-05-21 17:16 598224 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\ADBEPHSPCS3_WWE_177\ADBEPHSPCS3_WWE.exe
2010-05-18 14:41 . 2010-05-18 14:40 1652025 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\IE8-WindowsXP-x86-ENU_11\IE8-WindowsXP-x86-ENU.exe
2010-05-18 14:37 . 2010-05-18 14:36 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-18 14:11 . 2010-05-18 14:11 0 ----a-w- c:\windows\nsreg.dat
2010-05-18 11:12 . 2010-05-18 11:12 198064 ----a-w- c:\documents and settings\Mr\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-18 08:52 . 2010-05-18 08:52 10134 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-05-18 08:38 . 2010-05-18 08:38 2238 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{FBCB2E21-9D56-4692-9369-2E1969E6F4B0}\ARPPRODUCTICON.exe
2010-05-18 04:01 . 2010-05-18 03:56 65536 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-05-18 04:01 . 2010-05-18 03:56 10134 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-21_15.05.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 03:36 . 2010-07-23 03:36 16384 c:\windows\Temp\Perflib_Perfdata_798.dat
+ 2008-12-04 05:42 . 2010-07-22 14:21 2722 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-12-04 05:42 . 2010-07-22 14:21 8972 c:\windows\pchealth\helpctr\Config\Cntstore.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-07-07 04:03 2515552 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"Google Update"="c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-18 136176]
"UniKey"="d:\software me\unikey40RC2-1101-win32\UniKeyNT.exe" [2009-11-01 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-10 307200]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

R0 FsUdf;FsUdf; [x]
R0 fvdscsi;fvdscsi;c:\windows\system32\DRIVERS\fvdscsi.sys [x]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
S1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys [2009-12-08 1628160]
S1 SysLib3;SysLib3;c:\windows\System32\Drivers\SysLib3.sys [2009-12-08 4124160]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-07-25 845184]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 06:42]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003Core.job
- c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 14:38]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003UA.job
- c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 69.20.4.229:3128
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {930AE6CF-6BCC-4F58-AE0B-00E14CF8BA1D} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Mr\Application Data\Mozilla\Firefox\Profiles\lho8rogg.default\
FF - component: c:\documents and settings\Mr\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Mr\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 10:36
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fd,40,ee,85,86,5b,25,83,20,65,32,da,37,7b,fd,65,14,0a,d1,75,6a,
dd,55,38,c6,37,e4,b7,ec,8a,ad,67,5a,b4,d8,9e,8a,eb,16,fb,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c84960dc-4a37-4807-aaea-350ee721ddfe}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c9
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2528)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
.
**************************************************************************
.
Completion time: 2010-07-23 10:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 03:38
ComboFix2.txt 2010-07-21 15:07

Pre-Run: 4,435,091,456 bytes free
Post-Run: 4,476,743,680 bytes free

- - End Of File - - E07B983D89D1679372C8D470DFEFD623
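
The log above is the kind of artifact a responder reads by hand, and the lines that matter are scattered across sections: the driver ComboFix removed (RKHit.sys), the IE ProxyServer pointed at an address that is not local (every IE request is relayed through that host), the start page and search URL redirected to toolbar domains, the two Browser Helper Objects loaded into the browser, and the CLSID keys whose ACL denies Everyone. As an added example that is not part of this thread and not code from ComboFix, the Python script below parses a constructed excerpt of that log (the section headers and line formats are copied from the log as posted) and lists those indicators. Its "external proxy" test only means the address is not private or loopback; it does not by itself prove the proxy is malicious, and the section names it matches are assumptions taken from this one log version.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed test input: an excerpt of the ComboFix log posted above, reduced to
# the sections this triage script reads (helper written for this example only).
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\RKHit.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-07-07 04:03 2515552 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 69.20.4.229:3128
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fd,40,ee,85
"""

# Section banners: "(((( Name ))))" or "------- Name -------".
SECTION_RE = re.compile(r"^\(+\s*(?P<p>.+?)\s*\)+$|^-{3,}\s*(?P<d>.+?)\s*-{3,}$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
BHO_KEY_RE = re.compile(r"\\Browser Helper Objects\\(?P<clsid>\{[0-9a-f-]+\})$", re.I)
DRIVE_PATH_RE = re.compile(r"[a-z]:\\.+", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<hp>\S+)")
SEARCH_RE = re.compile(r"^u(?:Start Page|SearchURL,\(Default\))\s*=\s*(?P<url>\S+)")


@dataclass
class Findings:
    deleted: list[str] = field(default_factory=list)            # files the tool removed
    bhos: list[tuple[str, str]] = field(default_factory=list)   # (CLSID, DLL path)
    proxy: str | None = None                                    # IE ProxyServer host
    external_proxy: bool | None = None                          # not private/loopback
    search_hosts: list[str] = field(default_factory=list)       # start page / search hosts
    locked_keys: list[str] = field(default_factory=list)        # keys with @Denied ACL


def triage(log_text: str) -> Findings:
    """Walk the log once, tracking the current section and the last registry key seen."""
    f = Findings()
    section = ""
    pending_key: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = (m.group("p") or m.group("d")).lower()
            pending_key = None
            continue
        if section == "other deletions":
            if DRIVE_PATH_RE.match(line):
                f.deleted.append(line)
            continue
        km = KEY_RE.match(line)
        if km:
            pending_key = km.group("key")
            continue
        if section == "reg loading points" and pending_key:
            # A BHO key is followed by one line holding the DLL it loads.
            bm = BHO_KEY_RE.search(pending_key)
            pm = DRIVE_PATH_RE.search(line)
            if bm and pm:
                f.bhos.append((bm.group("clsid").lower(), pm.group(0)))
            pending_key = None
            continue
        if section == "locked registry keys" and pending_key and line.startswith("@Denied"):
            f.locked_keys.append(pending_key)
            pending_key = None
            continue
        if section == "supplementary scan":
            pm = PROXY_RE.match(line)
            if pm:
                # "host:port" or "http=host:port;https=host:port": keep the last host.
                host = pm.group("hp").split("=")[-1].rsplit(":", 1)[0]
                f.proxy = host
                try:
                    f.external_proxy = not ipaddress.ip_address(host).is_private
                except ValueError:
                    f.external_proxy = True  # a DNS name, so not a loopback proxy
            sm = SEARCH_RE.match(line)
            if sm:
                # ComboFix defangs URLs as hxxp://; restore the scheme so urlsplit parses it.
                host = urlsplit(sm.group("url").replace("hxxp", "http", 1)).hostname
                if host and host not in f.search_hosts:
                    f.search_hosts.append(host)
    return f


def summarize(f: Findings) -> list[str]:
    """One human-readable line per indicator, in the order a responder would act on them."""
    out = [f"removed by the tool: {p}" for p in f.deleted]
    if f.proxy:
        kind = "external" if f.external_proxy else "local"
        out.append(f"IE proxy set to {kind} host {f.proxy}: browser traffic is relayed through it")
    out += [f"start page / search redirected to {h}" for h in f.search_hosts]
    out += [f"BHO {clsid} loads {path}" for clsid, path in f.bhos]
    out += [f"locked key (Everyone denied): {k}" for k in f.locked_keys]
    return out


if __name__ == "__main__":
    for item in summarize(triage(SAMPLE_LOG)):
        print(item)
```

To use it on a real case, read the saved ComboFix.txt and pass its contents to triage(); the proxy check is the one to act on first, because until the ProxyServer value is cleared or confirmed as intentional, everything the browser sends (including credentials on plain HTTP) passes through that host.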

Re: PC Infected with malwares ... Please help
Hi, Smile...

Could you please try to install Malwarebytes now?

Re: PC Infected with malwares ... Please help
Hi Sneakyone,

I uninstalled and reinstalled Malwarebytes and see the same errors.

[attached screenshot]


Regards,
SV

Re: PC Infected with malwares ... Please help
Hi, Smile...

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: PC Infected with malwares ... Please help
Dear Sneakyone,

I did the GMER Scan and below is the log file.

Regards,
SV

*****


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 23:18:41
Windows 5.1.2600 Service Pack 3, v.3264
Running: gmer.exe; Driver: C:\DOCUME~1\Mr\LOCALS~1\Temp\pxtdypog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A65D7D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer@RelPattern *.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.m4v?*.mpg?VIDEO\*.mpg?*.
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

---- EOF - GMER 1.0.15 ----

Re: PC Infected with malwares ... Please help
Hi, Smile...

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (this means take no action: don't "move", "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.

Re: PC Infected with malwares ... Please help
Dear Sneakyone,

I am sorry for the late response (I was out of town).
I am following your instructions to run Dr. Web CureIt.
It found no virus, as in the pictures, and I cannot "generate the report" required because there is nothing to choose => the buttons (Select all, Cure ... Report ...) do not operate.

Below are the pictures => Please instruct me what to do next

# After the scan has finished, click Select all
# Click on Cure and choose Report incurable (this means take no action: don't "move", "rename" or "delete")
# When the scan has finished, in the menu, click File and choose Save report list
# Save the report to your Desktop. The report will be called DrWeb.csv
# Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.


[Image: Zx1]

[Image: Zx3a]

Re: PC Infected with malwares ... Please help
Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: PC Infected with malwares ... Please help
Dear Sneakyone,

From the last instruction:
# Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.

My question:
Do I close Dr. Web CureIt or not (when I run ESET Online Scanner)?

Regards,
SV

Re: PC Infected with malwares ... Please help
Yes please close it.

Re: PC Infected with malwares ... Please help
Dear Sneakyone,
I finished scanning my PC with ESET Online Scanner and the log file is below:
Regards,
SV
***

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.3264 (xpsp.071130-1425)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=547413f90892a744bdd0c1ef90c79633
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-27 12:55:36
# local_time=2010-07-27 07:55:36 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3, v.3264
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88973
# found=10
# cleaned=10
# scan_time=1512
C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleanerUpdate.exe Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Win32/AutoRun.VB.QH worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017291.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017292.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017293.exe Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\ident.txt IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\mirc.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\updater.ini IRC/Tedeto.A worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
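As an added example (not part of the original post and not ESET's own tooling), a small Python parser for the log format pasted above: it reads the `# key=value` header, splits each detection line into path, threat and action, cross-checks the number of detection lines against the `found=` count, and separates hits inside ComboFix's C:\Qoobox quarantine and System Restore points (already inert copies) from live files. The sample log is a constructed excerpt of the one posted; the field layout it assumes is the one visible in the post.

```python
import re
from collections import Counter
# Constructed excerpt modelled on the ESET Online Scanner log posted above:
# "# key=value" header lines, then one detection per line laid out as
# <path> <threat> (<action>) <hash> <flag>, whitespace-separated as pasted.
SAMPLE_LOG = r"""# version=7
# found=4
C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Win32/AutoRun.VB.QH worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017292.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\mirc.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""
# The tail of a detection line is "(action) <32 hex> <flag>"; the head is path + threat.
TAIL = re.compile(r"^(?P<head>.+?)\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")

def classify(path):
    """Hits inside ComboFix's quarantine or a System Restore point are inert copies, not live infections."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "ComboFix quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore point"
    return "live file"

def split_path_threat(head):
    """Windows paths never contain "/", ESET threat names always do; that token starts the threat."""
    tokens = head.split()
    i = next(k for k, t in enumerate(tokens) if "/" in t)
    if tokens[i - 3:i] == ["a", "variant", "of"]:  # ESET's generic-detection prefix
        i -= 3
    return " ".join(tokens[:i]), " ".join(tokens[i:])

def parse_eset_log(text):
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif m := TAIL.match(line.strip()):  # banner lines matching neither shape are skipped
            path, threat = split_path_threat(m.group("head"))
            detections.append({"path": path, "threat": threat,
                               "action": m.group("action"), "location": classify(path)})
    return header, detections

def summarize(text):
    # Cross-check the header's found= count against the detection lines and group hits by location.
    header, dets = parse_eset_log(text)
    found = int(header.get("found", -1))
    return {"found": found, "parsed": len(dets), "consistent": found == len(dets),
            "by_location": dict(Counter(d["location"] for d in dets))}
```

Run on the full log from the post, the same summary shows which of the ten hits were live files versus quarantine and restore-point copies.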



Re: PC Infected with malwares ... Please help
Hi.

Could you please try to install Malwarebytes now?
