haipositive

  1. I tried many times to remove malware from my flash disk, but there seems to be no hope. Here is the MBAM log: Flashdisk.txt
  2. I followed your instructions, Kevin. FRST.txt Addition.txt RKreport_SCN_07042014_215008.log
  3. Here is the problem:
     - I tried all the ways to open my Task Manager but can't, my administration tools also.
     - I ran Malwarebytes a couple of times but it still found worms. Don't know why.

     Here are the logs.

     1st time

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/4/2014
     Scan Time: 6:48:32 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.04.03
     Rootkit Database: v2014.07.03.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Enabled

     OS: Windows 7
     CPU: x86
     File System: NTFS
     User: Admin

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 290801
     Time Elapsed: 9 min, 47 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 1
     Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, 2352, Delete-on-Reboot, [93f0267567144cea88ba0e4c6c94a759]

     Modules: 0
     (No malicious items detected)

     Registry Keys: 7
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig.exe, Quarantined, [0e757c1fabd069cd370b2d2d2ed27789],
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\auto.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84],
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autorun.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84],
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autoruns.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\boot.exe, Quarantined, [3d4623784c2fbc7a1282b5a0d330f60a],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ctfmon.exe, Quarantined, [b1d2623994e746f0bd51ec6a22e154ac],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\procexp.exe, Quarantined, [9de6d8c3077496a083b482d7ab5847b9],

     Registry Values: 3
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, C:\WINDOWS\system\KEYBOARD.exe, Quarantined, [691a0299c7b40e28ae9477e3e020a65a]
     Risk.HiddenExt, HKLM\SOFTWARE\CLASSES\EXEFILE|NeverShowExt, 1, Quarantined, [d0b3bdde8cef11258539390848bbf50b]
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUN.EXE|Debugger, C:\WINDOWS\system32\drivers\drivers.cab.exe, Quarantined, [d3b06d2e95e68caad7edb34fec1705fb]

     Registry Data: 1
     Broken.OpenCommand, HKCR\regfile\shell\open\command, C:\WINDOWS\pchealth\Global.exe, Good: (regedit.exe "Bad: (C:\WINDOWS\pchealth\Global.exe),Replaced,[ffffffffffffffffffffffffffffffff]"), %5

     Folders: 1
     Trojan.Agent, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}, Delete-on-Reboot, [bdc642591368ba7c0f166e250101b848],

     Files: 11
     Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, Delete-on-Reboot, [93f0267567144cea88ba0e4c6c94a759],
     Worm.AutoRun, C:\Windows\system\KEYBOARD.exe, Quarantined, [691a0299c7b40e28ae9477e3e020a65a],
     Worm.AutoRun, C:\MS-DOS.com, Quarantined, [5d26752685f69e9852f0c694ee128779],
     Spyware.Password, C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jsapbguq.exe, Delete-on-Reboot, [86fdd5c6017a6ccadac50d85de236a96],
     Worm.AutoRun, C:\Windows\System32\regedit.exe, Quarantined, [671cc5d67209cc6a1f2385d5a55b38c8],
     Worm.AutoRun, C:\Windows\Help\microsoft.hlp, Quarantined, [b2d1415a0f6c47ef8ab82d2d679953ad],
     Worm.AutoRun, C:\Windows\Media\rndll32.pif, Quarantined, [0e757c1fabd069cd370b2d2d2ed27789],
     Worm.AutoRun, C:\Windows\System32\dllcache\Global.exe, Quarantined, [c9baf9a2b0cb152114c7948de61d2dd3],
     Worm.AutoRun, C:\Windows\System32\drivers\drivers.cab.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84],
     Worm.AutoRun, C:\Windows\Cursors\Boom.vbs, Quarantined, [97ecf0abdaa19e98144d73c5cb384fb1],
     Worm.AutoRun, C:\Windows\PCHEALTH\Global.exe, Quarantined, [fb88d6c5c4b70333c60f1427788bd32d],

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     2nd time

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/4/2014
     Scan Time: 8:37:50 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.04.04
     Rootkit Database: v2014.07.03.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Enabled

     OS: Windows 7
     CPU: x86
     File System: NTFS
     User: Admin

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 292290
     Time Elapsed: 10 min, 1 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 1
     Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, 2328, Delete-on-Reboot, [150de8b359223cfa61ee8ad01ce4d927]

     Modules: 0
     (No malicious items detected)

     Registry Keys: 7
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig.exe, Quarantined, [56ccb7e4c3b8102673dc7ae02fd1d22e],
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\auto.exe, Quarantined, [2bf77b20502be84e8a9afb5adc27bb45],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autorun.exe, Quarantined, [61c15c3fd7a40036b96fce87867dd42c],
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autoruns.exe, Quarantined, [d74bb8e363187bbbf13a42130201bb45],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\boot.exe, Quarantined, [a0823764384369cd736b5401897a49b7],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ctfmon.exe, Quarantined, [53cf4b505724da5cce8ab89e946f21df],
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\procexp.exe, Quarantined, [dd451c7fb0cbc175dfa2ef6ac24137c9],

     Registry Values: 4
     Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, C:\WINDOWS\system\KEYBOARD.exe, Quarantined, [d84ab0eb9ae19f97e06f0b4f88784ab6]
     Risk.HiddenExt, HKLM\SOFTWARE\CLASSES\EXEFILE|NeverShowExt, 1, Quarantined, [889a5a41e8939f973dcb4ef4f2112dd3]
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUN.EXE|Debugger, C:\WINDOWS\system32\drivers\drivers.cab.exe, Quarantined, [051d7e1d2a51d462fa1421e29c6734cc]
     Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNDLL32.EXE|Debugger, C:\WINDOWS\Fonts\Fonts.exe, Quarantined, [26fce8b3bac166d05f751546956e639d]

     Registry Data: 1
     Broken.OpenCommand, HKCR\regfile\shell\open\command, C:\WINDOWS\pchealth\Global.exe, Good: (regedit.exe "Bad: (C:\WINDOWS\pchealth\Global.exe),Replaced,[ffffffffffffffffffffffffffffffff]"), %5

     Folders: 1
     Trojan.Agent, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}, Delete-on-Reboot, [6db50497fa812f0792ba157e4bb707f9],

     Files: 11
     Worm.AutoRun, C:\WINDOWS\SYSTEM32\drivers\drivers.cab.exe, Delete-on-Reboot, [232105686b44b2ead8da75512f0ace6b],
     Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, Delete-on-Reboot, [150de8b359223cfa61ee8ad01ce4d927],
     Worm.AutoRun, C:\Windows\system\KEYBOARD.exe, Quarantined, [d84ab0eb9ae19f97e06f0b4f88784ab6],
     Worm.AutoRun, C:\MS-DOS.com, Quarantined, [a47ef9a22d4e1f17400f8bcf956b3cc4],
     Spyware.Password, C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jsapbguq.exe, Delete-on-Reboot, [cb57207b205b84b23e6df2a0a45d7789],
     Worm.AutoRun, C:\Windows\System32\regedit.exe, Quarantined, [c9596338512aab8be867e07ac040a45c],
     Worm.AutoRun, C:\Windows\Help\microsoft.hlp, Quarantined, [ad753566ccaf10264d024515df2136ca],
     Worm.AutoRun, C:\Windows\Media\rndll32.pif, Quarantined, [56ccb7e4c3b8102673dc7ae02fd1d22e],
     Worm.AutoRun, C:\Windows\System32\dllcache\Global.exe, Quarantined, [4ed49506df9c2f07ed3880a237cc06fa],
     Worm.AutoRun, C:\Windows\Cursors\Boom.vbs, Quarantined, [9b87d4c7a8d34ceabdee39ff9370ac54],
     Worm.AutoRun, C:\Windows\PCHEALTH\Global.exe, Quarantined, [a280960590eb8aac63bc2f0dcf34e21e],

     Physical Sectors: 0
     (No malicious items detected)

     (end)