|"is it not possible to save this file on flash ?"|
Don't know, usually has to run on the Desktop.
Let's try Combofix, I have given you all the instructions, we will have to run it again later ( in other words we will run it more than once )
Scroll down to the Safe mode option for this run.
Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
A guide and tutorial on using ComboFix
Manually restoring the Internet connection
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Do not mouseclick combofix's window while it is running. That may cause it to stall.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Note: If Combofix won't run.
1: Try Safe mode.
2: Rename Combofix.exe as you download it to winlogon.exe or Combo-Fix.exe or anything you like.
It is very important that save the newly renamed EXE file to your desktop.
You must rename Combofixe.exe as you download it and not after it is on your computer.
You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
Click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
For Internet Explorer:
Choose to save, not open the file
When prompted - save the file to your desktop, and rename it winlogon.exe.