Ahm4dK1ng
Members
Posts: 7
Reputation: 0 Neutral
Malware.Packer.Gen in USB Flash not getting removed
Ahm4dK1ng replied to Ahm4dK1ng's topic in Resolved Malware Removal Logs
(Run as admin)

Junkware Removal Tool (JRT) by Thisisu
Version: 2.5.6 (11.03.2012)
OS: Windows 7 Ultimate x86
Ran by NCC on Sun 11/04/2012 at 19:09:14.24
Blog: http://thisisudax.blogspot.com

**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys: 0 Detections

*** Files: 0 Detections

*** Folders:
Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\hotspot shield"

*** Event Viewer Logs - Cleared

**************************************************************
Scan was completed on Sun 11/04/2012 at 19:11:31.38
End of Report
Malware.Packer.Gen in USB Flash not getting removed
Ahm4dK1ng replied to Ahm4dK1ng's topic in Resolved Malware Removal Logs
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 15:01:40
-----------------------------
15:01:40.476 OS Version: Windows 6.1.7600
15:01:40.476 Number of processors: 2 586 0x1706
15:01:40.492 ComputerName: SAED-HARDWARE UserName: NCC
15:01:48.148 Initialize success
15:02:02.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5
15:02:02.588 Disk 0 Vendor: WDC_WD3200AAJS-65M0A0 01.03E01 Size: 305245MB BusType: 3
15:02:02.604 Disk 0 MBR read successfully
15:02:02.620 Disk 0 MBR scan
15:02:02.620 Disk 0 Windows 7 default MBR code
15:02:02.620 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:02:02.635 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 101648 MB offset 206848
15:02:02.651 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 101748 MB offset 208381952
15:02:02.682 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 101747 MB offset 416761856
15:02:02.682 Disk 0 scanning sectors +625139712
15:02:02.807 Disk 0 scanning C:\Windows\system32\drivers
15:02:12.363 Service scanning
15:02:42.847 Modules scanning
15:02:49.082 Disk 0 trace - called modules:
15:02:49.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
15:02:49.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c7d5b8]
15:02:49.128 3 CLASSPNP.SYS[8ac0459e] -> nt!IofCallDriver -> [0x8579a918]
15:02:49.144 5 ACPI.sys[8aa9c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-5[0x857a2908]
15:02:49.160 Scan finished successfully
15:02:58.910 Disk 0 MBR has been saved successfully to "C:\Users\NCC\Desktop\MBR.dat"
15:02:58.925 The log file has been saved successfully to "C:\Users\NCC\Desktop\aswMBR.txt"
Malware.Packer.Gen in USB Flash not getting removed
Ahm4dK1ng replied to Ahm4dK1ng's topic in Resolved Malware Removal Logs
When I run aswMBR I get a blue screen.

JRT:

Junkware Removal Tool (JRT) by Thisisu
Version: 2.5.6 (11.03.2012)
OS: Windows 7 Ultimate x86
Ran by NCC on Sat 11/03/2012 at 19:38:32.22
Blog: http://thisisudax.blogspot.com

**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys:
Successfully deleted: [KEY] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [KEY] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [KEY] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [KEY] hkey_classes_root\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
Successfully deleted: [KEY] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [KEY] hkey_classes_root\clsid\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}
Successfully deleted: [KEY] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}

*** Files: 0 Detections

*** Folders:
Failed to delete: [FOLDER-LOCKED!] "C:\Users\NCC\AppData\Roaming\babylontoolbar"
Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\hotspot shield"

*** Event Viewer Logs - Cleared

**************************************************************
Scan was completed on Sat 11/03/2012

Malwarebytes:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.03.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
NCC :: SAED-HARDWARE [administrator]

Protection: Enabled

03/11/2012 07:30:49 م
mbam-log-2012-11-03 (19-30-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 221170
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS:

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by NCC at 14:34:01 on 2012-11-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.962.1033.18.2943.1968 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\FILSHtray\FILSHtray.exe
C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - c:\program files\bearshare applications\mediabar\datamngr\BrowserConnection.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\ncc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [slackerElves] c:\program files\screenmates\ELVES.EXE
uRun: [KamikazeKat] c:\program files\screenmates\KKAT.EXE
uRun: [Dino] c:\program files\screenmates\GRANNYSM.EXE
uRun: [AdobeBridge] <no file>
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\filsht~1.lnk - c:\program files\filshtray\FILSHtray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
LSP: c:\windows\system32\imon.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{52DAA138-A873-4583-990D-79005EBCE273} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{7DF9E9C8-2977-4C4C-B16D-EA40C66524DF} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{E31BDAE0-33CC-4232-A9CC-75C8C16FA630} : DHCPNameServer = 8.8.8.8
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\windows mail\WinMail.exe" OCInstallUserConfigOE
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-22 242240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-6-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-10-13 523632]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-10-12 389488]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-25 676936]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-2-23 86016]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-6-25 2666880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-4 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-22 205808]
S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-29 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;خدمة Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-22 205808]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-04 12:30:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-03 17:22:06 -------- d--h--w- c:\windows\PIF
2012-11-03 17:18:04 -------- d-----w- c:\windows\ERUNT
2012-11-03 17:18:01 -------- d-----w- C:\JRT
2012-11-03 17:15:15 -------- d-----w- c:\programdata\Panda Security
2012-10-30 14:05:59 -------- d-----w- c:\users\ncc\appdata\roaming\Blender Foundation
2012-10-30 13:59:06 -------- d-----w- c:\users\ncc\.thumbnails
2012-10-29 14:19:29 20992 ----a-w- c:\windows\jestertb.dll
2012-10-26 15:03:39 -------- d-----w- c:\users\ncc\appdata\roaming\SUPERAntiSpyware.com
2012-10-26 15:03:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-26 06:22:12 -------- d-----w- c:\program files\common files\Simple Adblock
.
==================== Find3M ====================
.
2012-10-26 06:59:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-26 06:59:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 17:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 06:56:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-19 06:56:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-19 06:56:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 14:34:40.76 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 20/06/2011 04:32:55 م
System Uptime: 04/11/2012 02:18:53 م (0 hours ago)
.
Motherboard: MSI | | MS-7399
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 21.627 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 87.681 GiB free.
E: is FIXED (NTFS) - 99 GiB total, 97.386 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AMON
Device ID: ROOT\LEGACY_AMON\0000
Manufacturer:
Name: AMON
PNP Device ID: ROOT\LEGACY_AMON\0000
Service: AMON
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B
Service:
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&D1BEDBD&0&7
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&D1BEDBD&0&7
Service:
.
==== System Restore Points ===================
.
RP63: 16/09/2012 04:51:42 م - Scheduled Checkpoint
RP64: 19/09/2012 08:55:20 ص - Installed Java 7 Update 7
RP66: 26/09/2012 03:05:43 م - Installed DirectX
RP67: 03/10/2012 06:25:32 م - Scheduled Checkpoint
RP68: 26/10/2012 08:20:56 ص - Installed Simple Adblock
RP69: 26/10/2012 08:42:27 ص - Installed VirtualDJ Home FREE
RP70: 26/10/2012 10:37:40 ص - Installed Java 7 Update 9
RP71: 03/11/2012 07:27:25 م - Removed BabylonObjectInstaller
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe CSI CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS4
Adobe Photoshop CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Widget Browser
AIR iPad
AirXonix version 1.45
Allegorithmic Substance Designer 1.x
Allegorithmic Substance Extra Content for 3DSMax 2012 1.x
Allegorithmic Substance Player 1.x
Apple Software Update
ArchVision Dashboard
Astroburn Lite
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2012 32-bit - English
Autodesk 3ds Max 2012 SDK
Autodesk Backburner 2012.0.0
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Autodesk Mudbox 2012 32-bit - English
Autodesk Network License Manager
AxySnake version 1.19
BabylonObjectInstaller
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
Composite 2012
Connect
Coupon Printer for Windows
DAEMON Tools Lite
FarmVilleBot 2.2.3.7
FILSHtray
Fraps (remove only)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto IV v1.0 Eng
Hotspot Shield 2.74
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HyperCam 3
K-Lite Codec Pack 4.1.7 (Full)
kuler
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobile Mouse Server
MSVCRT Redists
Panda USB Vaccine 1.0.1.4
PDF Settings CS5
PowerDVD
Project Rescue Africa
PxMergeModule
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RESIDENT EVIL 5
ResidentEvil3
RPC Plug-in for Autodesk 3ds Max 2012 32-bit
San Andreas Mod Installer
Simple Adblock
SUPERAntiSpyware
TeamViewer 7
UltraISO Premium V9.52
VC Temptresses Screen Saver
Vegas Pro 10.0
VideoLAN VLC media player 0.8.6b
VirtualDJ Home FREE
Wincore MediaBar
Windows Movie Maker 2.6
WinRAR 4.20 (32-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
04/11/2012 03:15:13 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.
04/11/2012 03:15:13 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 10:27:32 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 10:27:30 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 08:36:39 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 08:36:38 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 08:06:12 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 08:06:11 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 08:06:11 م, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110312-13609-01.
03/11/2012 08:06:07 م, Error: EventLog [6008] - The previous system shutdown at 08:04:45 م on 03/11/2012 was unexpected.
03/11/2012 07:52:01 م, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110312-18687-01.
03/11/2012 07:51:58 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 07:51:58 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.
03/11/2012 07:51:57 م, Error: EventLog [6008] - The previous system shutdown at 07:49:23 م on 03/11/2012 was unexpected.
.
==== End Of File ===========================
Malware.Packer.Gen in USB Flash not getting removed
Ahm4dK1ng replied to Ahm4dK1ng's topic in Resolved Malware Removal Logs
Every time I run aswMBR, I get a blue screen...
Malware.Packer.Gen in USB Flash not getting removed
Ahm4dK1ng replied to Ahm4dK1ng's topic in Resolved Malware Removal Logs
When I ran aswMBR and clicked Scan, my PC shut down immediately (blue screen). Should I run it again?
When I scan my flash memory I get Malware.Packer.Gen; when I run a complete scan and remove it, it keeps coming back to the flash memory. And it infected my other computer because I used the flash; now it's in 2 PCs and I cannot remove it with Malwarebytes. Is there a way to remove it completely?

attach.txt, dds.txt, mbam-log.txt
When I scan my flash memory I get Malware.Packer.Gen; when I run a complete scan and remove it, it keeps coming back to the flash memory. And it infected my other computer because I used the flash; now it's in 2 PCs and I cannot remove it with Malwarebytes. Is there a way to remove it completely?

Log:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

Database version: v2012.11.03.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
NCC :: SAED-HARDWARE [administrator]

Protection: Enabled

03/11/2012 01:36:16 م
mbam-log-2012-11-03 (13-36-16).txt

Scan type: Full scan (I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 70595
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
I:\rduqnk.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)