Malware.Packer.Gen in USB Flash not getting removed


Hello Ahm4dK1ng! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

All of your problems are due to old and damaged antivirus protection. Please follow these instructions in Normal mode, not in Safe mode:

Step 1

Before we proceed with the cleaning, we should immunize your USB flash drive to prevent further infection. Please do this using the following tool:

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Step 2

Please uninstall these applications:

µTorrent

Babylon toolbar on IE

BabylonObjectInstaller

BearShare

NOD32 FiX v2.1

Wincore MediaBar

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 4

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • JRT log
  • aswMBR log
  • a new fresh DDS log


When I run aswMBR I get a blue screen.

JRT:

Junkware Removal Tool (JRT) by Thisisu

Version: 2.5.6 (11.03.2012)

OS: Windows 7 Ultimate x86

Ran by NCC on Sat 11/03/2012 at 19:38:32.22

Blog: http://thisisudax.blogspot.com

**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}

Successfully deleted: [KEY] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}

Successfully deleted: [KEY] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}

Successfully deleted: [KEY] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}

Successfully deleted: [KEY] hkey_classes_root\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Successfully deleted: [KEY] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}

Successfully deleted: [KEY] hkey_classes_root\clsid\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}

Successfully deleted: [KEY] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}

*** Files: 0 Detections

*** Folders:

Failed to delete: [FOLDER-LOCKED!] "C:\Users\NCC\AppData\Roaming\babylontoolbar"

Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\hotspot shield"

*** Event Viewer Logs - Cleared

**************************************************************

Scan was completed on Sat 11/03/2012

Malwarebytes:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.03.06

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

NCC :: SAED-HARDWARE [administrator]

Protection: Enabled

03/11/2012 07:30:49 م

mbam-log-2012-11-03 (19-30-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 221170

Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS:

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 9.0.8112.16421

Run by NCC at 14:34:01 on 2012-11-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1256.962.1033.18.2943.1968 [GMT 2:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\mentalray\satellite\raysat_3dsmax2010_32server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

C:\Program Files\FILSHtray\FILSHtray.exe

C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe

C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearch Bar = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} -

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - c:\program files\bearshare applications\mediabar\datamngr\BrowserConnection.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Google Update] "c:\users\ncc\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [slackerElves] c:\program files\screenmates\ELVES.EXE

uRun: [KamikazeKat] c:\program files\screenmates\KKAT.EXE

uRun: [Dino] c:\program files\screenmates\GRANNYSM.EXE

uRun: [AdobeBridge] <no file>

mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\filsht~1.lnk - c:\program files\filshtray\FILSHtray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

LSP: c:\windows\system32\imon.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1 0.0.0.0

TCP: Interfaces\{52DAA138-A873-4583-990D-79005EBCE273} : DHCPNameServer = 192.168.1.1 0.0.0.0

TCP: Interfaces\{7DF9E9C8-2977-4C4C-B16D-EA40C66524DF} : DHCPNameServer = 192.168.1.1 0.0.0.0

TCP: Interfaces\{E31BDAE0-33CC-4232-A9CC-75C8C16FA630} : DHCPNameServer = 8.8.8.8

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\windows mail\WinMail.exe" OCInstallUserConfigOE

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-22 242240]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-6-20 15424]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-10-13 523632]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-10-12 389488]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-25 676936]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-2-23 86016]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-6-25 2666880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22856]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-4 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-22 205808]

S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-29 250808]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 gupdatem;خدمة Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-22 205808]

S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-11-04 12:30:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-03 17:22:06 -------- d--h--w- c:\windows\PIF

2012-11-03 17:18:04 -------- d-----w- c:\windows\ERUNT

2012-11-03 17:18:01 -------- d-----w- C:\JRT

2012-11-03 17:15:15 -------- d-----w- c:\programdata\Panda Security

2012-10-30 14:05:59 -------- d-----w- c:\users\ncc\appdata\roaming\Blender Foundation

2012-10-30 13:59:06 -------- d-----w- c:\users\ncc\.thumbnails

2012-10-29 14:19:29 20992 ----a-w- c:\windows\jestertb.dll

2012-10-26 15:03:39 -------- d-----w- c:\users\ncc\appdata\roaming\SUPERAntiSpyware.com

2012-10-26 15:03:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-10-26 06:22:12 -------- d-----w- c:\program files\common files\Simple Adblock

.

==================== Find3M ====================

.

2012-10-26 06:59:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-26 06:59:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-29 17:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-19 06:56:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-19 06:56:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-19 06:56:41 746984 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 14:34:40.76 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 20/06/2011 04:32:55 م

System Uptime: 04/11/2012 02:18:53 م (0 hours ago)

.

Motherboard: MSI | | MS-7399

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 99 GiB total, 21.627 GiB free.

D: is FIXED (NTFS) - 99 GiB total, 87.681 GiB free.

E: is FIXED (NTFS) - 99 GiB total, 97.386 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is CDROM ()

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: AMON

Device ID: ROOT\LEGACY_AMON\0000

Manufacturer:

Name: AMON

PNP Device ID: ROOT\LEGACY_AMON\0000

Service: AMON

.

Class GUID:

Description: Coprocessor

Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B

Manufacturer:

Name: Coprocessor

PNP Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B

Service:

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\5&D1BEDBD&0&7

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\5&D1BEDBD&0&7

Service:

.

==== System Restore Points ===================

.

RP63: 16/09/2012 04:51:42 م - Scheduled Checkpoint

RP64: 19/09/2012 08:55:20 ص - Installed Java 7 Update 7

RP66: 26/09/2012 03:05:43 م - Installed DirectX

RP67: 03/10/2012 06:25:32 م - Scheduled Checkpoint

RP68: 26/10/2012 08:20:56 ص - Installed Simple Adblock

RP69: 26/10/2012 08:42:27 ص - Installed VirtualDJ Home FREE

RP70: 26/10/2012 10:37:40 ص - Installed Java 7 Update 9

RP71: 03/11/2012 07:27:25 م - Removed BabylonObjectInstaller

.

==== Installed Programs ======================

.

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Master Collection

Adobe CSI CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Illustrator CS4

Adobe Photoshop CS4

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Widget Browser

AIR iPad

AirXonix version 1.45

Allegorithmic Substance Designer 1.x

Allegorithmic Substance Extra Content for 3DSMax 2012 1.x

Allegorithmic Substance Player 1.x

Apple Software Update

ArchVision Dashboard

Astroburn Lite

Autodesk 3ds Max 2010 32-bit

Autodesk 3ds Max 2012 32-bit - English

Autodesk 3ds Max 2012 SDK

Autodesk Backburner 2012.0.0

Autodesk FBX Plug-in 2012.0 - 3ds Max 2012

Autodesk FBX Plugin 2009.4 - 3ds Max 2010

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Medium Resolution Image Library 2012

Autodesk Mudbox 2012 32-bit - English

Autodesk Network License Manager

AxySnake version 1.19

BabylonObjectInstaller

Bing Bar

Bing Bar Platform

Bing Rewards Client Installer

Bonjour

Composite 2012

Connect

Coupon Printer for Windows

DAEMON Tools Lite

FarmVilleBot 2.2.3.7

FILSHtray

Fraps (remove only)

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Grand Theft Auto IV

Grand Theft Auto IV v1.0 Eng

Hotspot Shield 2.74

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Deskjet 1050 J410 series Product Improvement Study

HyperCam 3

K-Lite Codec Pack 4.1.7 (Full)

kuler

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Default Manager

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mobile Mouse Server

MSVCRT Redists

Panda USB Vaccine 1.0.1.4

PDF Settings CS5

PowerDVD

Project Rescue Africa

PxMergeModule

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RESIDENT EVIL 5

ResidentEvil3

RPC Plug-in for Autodesk 3ds Max 2012 32-bit

San Andreas Mod Installer

Simple Adblock

SUPERAntiSpyware

TeamViewer 7

UltraISO Premium V9.52

VC Temptresses Screen Saver

Vegas Pro 10.0

VideoLAN VLC media player 0.8.6b

VirtualDJ Home FREE

Wincore MediaBar

Windows Movie Maker 2.6

WinRAR 4.20 (32-bit)

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

04/11/2012 03:15:13 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

04/11/2012 03:15:13 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 10:27:32 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 10:27:30 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 08:36:39 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 08:36:38 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 08:06:12 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 08:06:11 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 08:06:11 م, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110312-13609-01.

03/11/2012 08:06:07 م, Error: EventLog [6008] - The previous system shutdown at 08:04:45 م on ‏03/‏11/‏2012 was unexpected.

03/11/2012 07:52:01 م, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110312-18687-01.

03/11/2012 07:51:58 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 07:51:58 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

03/11/2012 07:51:57 م, Error: EventLog [6008] - The previous system shutdown at 07:49:23 م on ‏03/‏11/‏2012 was unexpected.

.

==== End Of File ===========================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-04 15:01:40

-----------------------------

15:01:40.476 OS Version: Windows 6.1.7600

15:01:40.476 Number of processors: 2 586 0x1706

15:01:40.492 ComputerName: SAED-HARDWARE UserName: NCC

15:01:48.148 Initialize success

15:02:02.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5

15:02:02.588 Disk 0 Vendor: WDC_WD3200AAJS-65M0A0 01.03E01 Size: 305245MB BusType: 3

15:02:02.604 Disk 0 MBR read successfully

15:02:02.620 Disk 0 MBR scan

15:02:02.620 Disk 0 Windows 7 default MBR code

15:02:02.620 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

15:02:02.635 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 101648 MB offset 206848

15:02:02.651 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 101748 MB offset 208381952

15:02:02.682 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 101747 MB offset 416761856

15:02:02.682 Disk 0 scanning sectors +625139712

15:02:02.807 Disk 0 scanning C:\Windows\system32\drivers

15:02:12.363 Service scanning

15:02:42.847 Modules scanning

15:02:49.082 Disk 0 trace - called modules:

15:02:49.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

15:02:49.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c7d5b8]

15:02:49.128 3 CLASSPNP.SYS[8ac0459e] -> nt!IofCallDriver -> [0x8579a918]

15:02:49.144 5 ACPI.sys[8aa9c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-5[0x857a2908]

15:02:49.160 Scan finished successfully

15:02:58.910 Disk 0 MBR has been saved successfully to "C:\Users\NCC\Desktop\MBR.dat"

15:02:58.925 The log file has been saved successfully to "C:\Users\NCC\Desktop\aswMBR.txt"


(Run as admin)

Junkware Removal Tool (JRT) by Thisisu

Version: 2.5.6 (11.03.2012)

OS: Windows 7 Ultimate x86

Ran by NCC on Sun 11/04/2012 at 19:09:14.24

Blog: http://thisisudax.blogspot.com

**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys: 0 Detections

*** Files: 0 Detections

*** Folders:

Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\hotspot shield"

*** Event Viewer Logs - Cleared

**************************************************************

Scan was completed on Sun 11/04/2012 at 19:11:31.38

End of Report


Please locate and manually delete this folder:

C:\Program Files\hotspot shield

Next:

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
