Cannot download mb - I need some guidance.


Hello and thanks in advance to anyone who helps out.

I noticed videos not loading and downloads failing so I assumed I was infected.

My Avast scanned and found nearly 40 trojans on my PC. When I tried to update my version of MB the attempt was not successful.

I disabled Avast, uninstalled and tried installing the latest version of Malwarebytes but I get this message:

"mbam-setup-1.61.0.1400.exe.part could not be saved, because the source file could not be read."

I have not gone through all the forum topics for a solution, please redirect me to the proper topic if the problem has been mentioned before, or let me know what should be done in this topic.

Link to post

Hello pamiat and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

That is due to it being blocked by the infection. Please follow the instructions here and then post the log file in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434003

Link to post

Hi Maniac,

Is there a way I can get MB without using a second computer?

I will not be able to access one for at least a week.

My browser downloads are failing but messenger and mail filesharing appear to be working, much slower than usual though.

Is it possible for me to receive the Malwarebytes installation as a .zip in my mail and try to install it?

I can follow your instructions afterwards.

Link to post

Hi Maniac, I was able to install MBAM on my PC with a USB.

Quickscan detected no infections, here is the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

[administrator]

4/14/2012 6:07:51 PM

mbam-log-2012-04-14 (18-07-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197236

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Problem has not been resolved and I am currently looking for a new antivirus as well.

Any suggestions?

Link to post

"Database version: v2012.04.04.08"

Your database is very old; please make sure it is up to date and perform the quick scan.

"Problem has not been resolved and I am currently looking for a new antivirus as well."

You don't have any antivirus installed?

Link to post

That's weird because I downloaded the 1.61.0.1400 yesterday and when I installed it, the database was only 10 days old (I can't update from the infected pc).

I had Avast but it appears to be quite problematic. Also, I can't update any antivirus or Microsoft Security Essentials at the moment.

Link to post

Thanks for letting me know!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post

Here goes:

(I had to re-install my wireless after the scan)

ComboFix 12-04-13.01 - TL081 04/14/2012 19:36:01.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3959.2352 [GMT -7:00]

Running from: c:\users\TL081\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

D:\Autorun.inf

D:\install.exe

H:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))

.

.

2012-04-15 02:40 . 2012-04-15 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-15 02:22 . 2011-12-05 09:44 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-04-15 02:05 . 2012-04-15 02:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-15 02:05 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-15 01:40 . 2012-04-15 01:40 -------- d-----w- c:\users\TL081\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 01:39 . 2012-04-15 01:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-15 01:39 . 2012-04-15 01:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-15 01:27 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-04-15 01:02 . 2012-04-15 01:02 -------- d-----w- c:\users\TL081\AppData\Roaming\Malwarebytes

2012-04-15 01:02 . 2012-04-15 01:02 -------- d-----w- c:\programdata\Malwarebytes

2012-04-15 00:45 . 2012-04-15 00:45 -------- d--h--w- c:\programdata\Common Files

2012-04-15 00:44 . 2012-04-15 00:52 -------- d-----w- c:\programdata\MFAData

2012-04-13 23:31 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FD1D06D-DC3D-4DCF-B067-D2F2579B8272}\mpengine.dll

2012-04-11 10:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 10:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 10:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 10:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 10:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 10:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 10:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-03 03:21 . 2012-04-03 03:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2012-04-01 07:52 . 2012-04-01 07:52 -------- d-----w- c:\users\TL081\AppData\Local\4A Games

2012-04-01 07:42 . 2012-04-03 03:25 -------- d-----w- c:\program files (x86)\THQ

2012-03-31 16:50 . 2012-03-31 16:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-03-28 05:04 . 2012-03-28 05:04 -------- d-----w- c:\users\TL081\AppData\Local\Diagnostics

2012-03-27 05:28 . 2012-03-27 05:28 -------- d-----w- c:\program files (x86)\mIRC

2012-03-27 05:11 . 2012-03-30 07:25 -------- d-----w- c:\users\TL081\AppData\Roaming\mIRC

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-19 09:51 . 2012-03-19 09:51 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-19 09:51 . 2012-03-19 09:51 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-11 09:10 . 2012-03-15 00:22 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys

2012-04-11 09:10 . 2012-03-15 00:22 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2012-03-10 11:08 . 2012-03-10 11:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-10 11:08 . 2012-03-10 11:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-10 11:08 . 2012-03-10 11:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-10 11:08 . 2012-03-10 11:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-10 11:08 . 2012-03-10 11:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-10 11:08 . 2012-03-10 11:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-10 11:08 . 2012-03-10 11:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-10 11:08 . 2012-03-10 11:08 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-10 11:08 . 2012-03-10 11:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-10 11:08 . 2012-03-10 11:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-10 11:08 . 2012-03-10 11:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-10 11:08 . 2012-03-10 11:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-10 11:08 . 2012-03-10 11:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-10 11:08 . 2012-03-10 11:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-10 11:08 . 2012-03-10 11:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-10 11:08 . 2012-03-10 11:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-10 11:08 . 2012-03-10 11:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-10 11:08 . 2012-03-10 11:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-10 11:08 . 2012-03-10 11:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-10 11:08 . 2012-03-10 11:08 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-10 11:08 . 2012-03-10 11:08 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-10 11:08 . 2012-03-10 11:08 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-10 11:08 . 2012-03-10 11:08 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-10 11:08 . 2012-03-10 11:08 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-10 11:08 . 2012-03-10 11:08 448512 ----a-w- c:\windows\system32\html.iec

2012-03-10 11:08 . 2012-03-10 11:08 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-10 11:08 . 2012-03-10 11:08 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-10 11:08 . 2012-03-10 11:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-10 11:08 . 2012-03-10 11:08 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-10 11:08 . 2012-03-10 11:08 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-10 11:08 . 2012-03-10 11:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-10 11:08 . 2012-03-10 11:08 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-10 11:08 . 2012-03-10 11:08 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-10 11:08 . 2012-03-10 11:08 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-04 13:09 . 2011-05-20 04:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-04 07:14 . 2012-03-04 07:14 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2012-02-25 02:56 . 2012-02-25 02:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-23 16:18 . 2011-05-20 03:57 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 06:27 . 2012-03-14 04:13 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 05:44 . 2012-03-14 04:13 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-15 04:47 . 2012-03-14 04:13 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:46 . 2012-03-14 04:13 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:18 . 2012-03-14 04:27 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 06:17 . 2012-03-14 04:27 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 06:17 . 2012-03-14 04:27 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 06:17 . 2012-03-14 04:27 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-02-10 06:17 . 2012-03-14 04:27 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41 . 2012-03-14 04:27 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-10 05:41 . 2012-03-14 04:27 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-02-10 05:41 . 2012-03-14 04:27 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-02-10 05:41 . 2012-03-14 04:27 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-02-10 05:41 . 2012-03-14 04:27 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-03 04:16 . 2012-03-14 04:28 3143168 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:27 . 2012-03-14 04:11 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:27 . 2012-03-14 04:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:20 . 2012-03-14 04:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-01-20 02:56 . 2012-02-15 23:35 210432 ----a-w- c:\windows\SysWow64\ssleay32.dll

2012-01-20 02:56 . 2012-02-15 23:35 210432 ----a-w- c:\windows\SysWow64\libssl32.dll

2012-01-20 02:56 . 2012-02-15 23:35 1019904 ----a-w- c:\windows\SysWow64\libeay32.dll

2010-08-03 19:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll

2010-08-03 19:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

c:\users\TL081\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\TL081\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]

Update Agent.lnk - c:\program files (x86)\COSMOTE\Internet On The Go\AutoUpdateSrv.exe [2011-5-19 667648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-23 30528]

R3 L6PODP;PODxt Pro Service;c:\windows\system32\Drivers\L6PODP64.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 11776]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-31 240232]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-05 17152]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - LAVASOFT_KERNEXPLORER

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\TL081\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: line6.net

FF - ProfilePath - c:\users\joTL081\AppData\Roaming\Mozilla\Firefox\Profiles\e331qf18.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\DeltaIITray.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe

c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

.

**************************************************************************

.

Completion time: 2012-04-14 19:47:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-15 02:47

.

Pre-Run: 74,501,402,624 bytes free

Post-Run: 84,616,880,128 bytes free

.

- - End Of File - - 5241DD776935EE80214EBB21AEFAFF84

Link to post

Sorry for the delay:

@BIOS

ABBYY FineReader 6.0 Sprint

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Community Help

Adobe Dreamweaver CS5.5

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Reader 9.1

Adobe Shockwave Player 11.5

Adobe Widget Browser

Android SDK Tools

Apple Application Support

Apple Software Update

ArcSoft MediaImpression

Audacity 1.2.6

AutoGreen B09.1014.2

Browser Configuration Utility

Combined Community Codec Pack 2010-10-10

Cool Edit Pro 2.1

COSMOTE Internet On The Go

Digsby

Dropbox

Easy Tune 6 B10.0521.1

Epson Copy Utility 3.4

Epson Event Manager

EPSON PERFECTION V30_V300 PHOTO Manual

EPSON Scan

FreeRIP v3.6

ImgBurn

Intel® Management Engine Components

IrfanView (remove only)

Java Auto Updater

Java 6 Update 29

LG United Mobile Driver

Line 6 Uninstaller

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network Stumbler 0.4.0 (remove only)

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

ON_OFF Charge B10.0427.1

OpenOffice.org 3.3

OpenSSL 0.9.8t Light (32-bit)

Picasa 3

Power Tab Editor 1.7

PowerISO

proXPN 2.4.11

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Reason 5.0

S.T.A.L.K.E.R. - Clear Sky [v1.0003]

S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Spybot - Search & Destroy

Steinberg Cubase 5

The KMPlayer (remove only)

TrueCrypt

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.1.9

Winamp

Winamp Detector Plug-in

Windows Movie Maker 2.6

ZTE_MF636_USB_MODEM_2.1040.0.3

Link to post

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post

It appears that my wireless will not connect while in safe mode. It's a 3G USB.

I am not aware of those being unable to work in safe mode. But I am not certain either; should I contact the provider?

Also, Maniac, I installed AVG antivirus and managed to update it after many, many hours. The only threat detected and removed was a crack that I do not consider harmful. MBAM will still not update its database; it stops at 38%, goes back to 0% and gives the error Incomplete Transfer.

Another thing that comes to mind is that the PC started behaving badly after a Java update which I have been skipping for some time.

After I eventually accepted the update, internet speed has been considerably reduced (although the 3G network appears fine).

If this is phishing, how can it be dealt with? If not, what else can be done except formatting the HD as a final choice?

Link to post

You have made too many changes that should not be made without my instructions. Now it is difficult to trace the entire case. Did you uninstall your AV (Ad-Aware) before installing AVG?

You don't need an internet connection for OTL.

There have been too many changes and the status of your system is worse. Here's what happens:

http://technet.microsoft.com/en-us/library/cc700813.aspx

After everything you've done, I recommend re-installing this OS.

Link to post

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
