Cannot update Malwarebytes and Spybot Search & Destroy and I cannot even visit the websites



Dear all, I have 4 different machines, 2 PCs running XP Pro 64 and 2 Netbooks (Samsung N120 and Toshiba NB100 running XP Pro 32).

I have Kaspersky Internet Security 2010 fully updated on all machines. Besides Kaspersky, I use Spybot Search and Destroy, Spyware Blaster and Spyware Terminator. I have been using them for quite a while.

My issue is that since 3 days ago, I have not been able to update either Spybot Search and Destroy or Malwarebytes and I cannot even visit their websites.

When I try to update Malwarebytes I get "An Error Occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 732(12007,0)".

When I try Spybot Search and Destroy I get "error retrieving updated info file".

Also, I cannot even open their webpages either with IE8, Firefox or Chrome. For instance Firefox returns the "Server not found" error. That is phoney as I am connected remotely with my office PC and there are no issues whatsoever. Same thing with Spybot.

I also tried HijackThis and the analysis of the log revealed nothing dangerous.

I ran Kaspersky and Malwarebytes and neither found any threat... however, not being able to visit only spyware/malware-related sites sounds very odd (I am indeed using my office PCs remotely to write in the forum). Even worse, the fact that I cannot update them smells like a virus to me!

As kindly suggested by Ibrad (http://forums.malwarebytes.org/index.php?showtopic=41749) I tried running dds.scr but it says that it won't run on XP 64 [this tool does not support your operating system. press any key to continue].

I did manage to run GMER Rootkit Scanner and I attach its log as ark.txt. In the hope to help I also attach HJT's log to this message.

As indicated in the directions, I zipped them and uploaded them both as Attach.zip

I am very happy to provide any further diagnostic check that may be required but for the time being, please allow me to say that all computers are fully updated in terms of OS and antivirus, spyware and malware.

Any help would be greatly appreciated

Roberto

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 12:01:47, on 28/02/2010

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\SysWOW64\svchost.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files (x86)\Java\jre6\bin\jqs.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

D:\Eudora\Eudora.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Documents and Settings\mzyssrm3\Desktop\SECURITY\sgnvw9z1.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mzyssrm3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/57.11/uploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254305959781

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1254306271406

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Oracle IRM Desktop Service Host (OracleIRMServiceHost) - Oracle Corporation - C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Rapport Launching Service (RapportLaunService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--

End of file - 12592 bytes


Hello,

On the error 732: can you tell me if you are able to connect to this forum on -the problem pc- ?

Meaning is it really fully connected to the internet.

How is your system connected for internet? using a modem & router?

Check visually to see that all devices are really online.

btw, please do not attach any logs unless I ask you to. Always Copy & Paste reports into body of reply textbox.

Maurice, thank you for your kind reply

The PCs are connected to the internet using a router (Netgear DG834GT) using regular LAN cables while the netbooks use wireless

All the machines have access to the web except for the Malwarebytes and Spybot Search and Destroy web sites (as far as I can tell so far).

I can check my email, I can read NYT for instance and I can remote to my office PC which is what I am using now to access the forum which I cannot access from home.

As far as updates are concerned, I cannot update only Malwarebytes and Spybot whereas I can update Spyware Blaster, Spyware Terminator and I can access Windows updates as well.

Thx

r


If downloads cannot be done on this pc, you'll need to use another one & then copy to CD/DVD or a new-clean USB drive & then transport & copy to the desktop of problem-system.

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

I'd like to see some additional diagnostic reports for review.

RUN MBAM just as it is now:

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of latest MBAM scan log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt


Malwarebytes' Anti-Malware 1.44

Database version: 3740

Windows 5.2.3790 Service Pack 2

Internet Explorer 8.0.6001.18702

28/02/2010 17:47:08

mbam-log-2010-02-28 (17-47-08).txt

Scan type: Quick Scan

Objects scanned: 118325

Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL logfile created on: 28/02/2010 17:48:41 - Run 1

OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\mzyssrm3\Desktop\SECURITY

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free

16.00 Gb Paging File | 14.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.50 Gb Total Space | 695.44 Gb Free Space | 74.66% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 58.91 Gb Free Space | 25.30% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 120.38 Gb Free Space | 80.77% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 368.19 Gb Free Space | 39.53% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 149.05 Gb Total Space | 28.97 Gb Free Space | 19.43% Space Free | Partition Type: NTFS

Drive N: | 298.09 Gb Total Space | 113.46 Gb Free Space | 38.06% Space Free | Partition Type: NTFS

Drive P: | 149.05 Gb Total Space | 54.00 Gb Free Space | 36.23% Space Free | Partition Type: NTFS

Computer Name: CICCIO-Q6600

Current User Name: mzyssrm3

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 17:39:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mzyssrm3\Desktop\SECURITY\OTL.exe

PRC - [2010/02/17 11:44:12 | 001,295,592 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/02/17 11:44:12 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe

PRC - [2009/12/09 21:50:01 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

PRC - [2009/10/26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

PRC - [2007/06/25 16:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe

PRC - [2006/12/18 13:34:36 | 000,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

PRC - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

PRC - [2006/07/13 06:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SMax4.exe

========== Modules (SafeList) ==========

MOD - [2010/02/28 17:39:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mzyssrm3\Desktop\SECURITY\OTL.exe

MOD - [2010/02/17 11:44:18 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2007/02/18 12:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll

MOD - [2007/02/18 12:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll

MOD - [2007/02/18 12:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME

MOD - [2007/02/17 05:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/30 16:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010/02/17 11:44:22 | 000,507,888 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)

SRV - [2010/02/17 11:44:12 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/01/30 14:55:41 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3647.dll -- (Akamai)

SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/12/09 21:50:01 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)

SRV - [2009/12/09 13:30:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/12/01 08:49:22 | 000,268,608 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe -- (OracleIRMServiceHost)

SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)

SRV - [2009/09/28 19:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)

SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/12/12 07:31:10 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2008/12/02 14:29:52 | 000,877,864 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)

SRV - [2008/08/11 12:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2008/07/25 09:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008/07/25 09:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)

SRV - [2007/10/18 10:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2007/06/25 16:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)

SRV - [2007/05/17 21:45:33 | 000,443,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)

SRV - [2007/02/18 12:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)

SRV - [2007/02/18 12:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)

SRV - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2006/11/02 14:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool)

SRV - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - [2010/02/17 11:44:22 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)

DRV - [2009/12/13 15:31:28 | 000,222,160 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\truecrypt.sys -- (truecrypt)

DRV - [2008/08/11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2007/04/10 21:46:37 | 000,111,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\VX3000.dll -- (VX3000)

DRV - [2007/02/18 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)

DRV - [2006/06/16 07:30:16 | 000,262,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\RTL8187.SYS -- (RTLWUSB)

DRV - [2006/03/31 03:39:54 | 000,013,532 | ---- | M] (Windows

Edited by Maurice Naggar
removed quoted reply section

You will want to print out or copy these instructions to Notepad for offline reference!

We'll need to disable the antivirus real-time monitors. Use the following as a guide.

Do NOT turn off the firewall.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Reply with copy of the Eset scan log


thank you again Maurice for your kind patience and support

I had already started the online scan with ESET on all machines. ESET detected some stuff on both PCs but the netbooks are clean so I would be inclined to believe that there is more than what ESET found

anyway, here is the result of the scan

C:\System Volume Information\_restore{C3A018C8-1A01-4C62-B046-FDFD5DE9F1DF}\RP161\A0088496.exe probably a variant of Win32/Spy.Banker trojan cleaned by deleting - quarantined

F:\BACKUP_N\SETUP CD\DVD SOFTWARES\DVD SHRINK\DVD RIP\DVD Rip 0.2.zip probably a variant of Win32/Agent trojan deleted - quarantined

F:\BACKUP_N\SETUP CD\NERO\NERO SERIE 8\Nero-8.3.13.0_all_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

F:\BACKUP_N\SETUP CD\STATA 10\NUOVA VERSIONE COMPLETA SCARICATA DA ME\Stata10.zip probably a variant of Win32/Spy.Banker trojan deleted - quarantined

N:\SETUP CD\DVD SOFTWARES\DVD SHRINK\DVD RIP\DVD Rip 0.2.zip probably a variant of Win32/Agent trojan deleted - quarantined

N:\SETUP CD\NERO\NERO SERIE 8\Nero-8.3.13.0_all_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

N:\SETUP CD\STATA 10\NUOVA VERSIONE COMPLETA SCARICATA DA ME\Stata10.zip probably a variant of Win32/Spy.Banker trojan deleted - quarantined

thanx again

r


First, please only use the ADDReply button when starting a reply. It is at the bottom of the forum screen-window. If you must use quoted sections, please make them short.

There's no need to have my reply quoted into every response from you.

More important --- your mention of several pc's has now got me confused.

Verify for me that this whole thread is only for one (1) system. !!!

Next, the item in system restore tagged by the scan doesn't count since it was out of the way.

But what did you have for the Nero backup on drive F & N ??

But since nothing else was tagged on C drive, that is a good sign.

Again, confirm for me that this whole thread was relating to only 1 system. Otherwise, we have a confusing mess.


Dear Maurice, thank you for your kind reply.

Sorry for the confusion about all the machines. I am experiencing the same issue on all 4 different pcs. I thought it would be a valuable piece of information.

I have been running the diagnostics and checks on all of them but only reporting for 1 machine, my main PC.

I assumed that the problem would be the same so I could replicate the solution on all computers. So, for instance, I ran ESET on all 4 machines and it found some issues only with old files in both PCs running XP64 (mine and my wife's) but found nothing on the netbooks (both run xp).

The Nero stuff ESET found is simply old update setup files which for some reason I have kept in my archive of all setup files.

That version of Nero always tried to shove the Ask bar or something upon install.

Thanks again for your support and guidance

Kind regards

R

PS: the problem seems to encompass Adobe as well. Today I ran the scan for vulnerabilities of Kaspersky and it suggested updating Adobe Flash Player. So I tried and it won't let me into http://www.adobe.com/go/getflash. I get the same error code I get with Malwarebytes and Spybot (Server not found...)


OK. Let us have this thread strictly for your main PC and no other.

{Running ESET online scan or another AV online scan on your other systems is ok --- but you do that on your own}.

It's enough work here just for 1 system, plus having a 64-bit o.s. complicates things a bit since there are limited tools to apply on them.

btw, leave the Adobe flash update for much later. Don't risk it now.

Disable the options "Automatically detect settings" and "Use automatic configuration script."

To do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

Next:

Reset the system Hosts file using this MS article & the FIXIT option button

http://support.microsoft.com/default.aspx/kb/972034

That will reset the Hosts file back to standard default.

Next:

{The following are the directions for 64-bit Windows ! }

I'm going to copy here selected sections of standard response for your main issue with MBAM update.

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For 64 bit versions of Windows

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built-in Windows Firewall, you'll need to exclude MBAM.EXE from it as well.

Next: Ping the Content Delivery Network

Click on START and in the search line type in CMD and press the Enter key

Then in the command-prompt window type in the following and press the Enter key and verify that you get a response

PING mbam-cdn.malwarebytes.org

The FAQ contains examples of setting file exclusions for some known AV products.

Tell me the results of the PING

also, start MBAM and use the Update function & advise of result

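The Hosts file reset in the reply above is relevant because a Hosts entry can make selected sites return "Server not found" while the rest of the web keeps working. As an added illustration (not part of the original thread and not a Malwarebytes or Microsoft tool), this Python script audits a Hosts file for entries that override such domains; the watch list and the sample file contents are constructed assumptions.

```python
"""Audit a Windows hosts file for entries that override security-vendor domains."""

# Watch list built from domains named in this thread (an assumption; extend as needed).
WATCHED = ("malwarebytes.org", "eset.com", "adobe.com")

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org   # blocks the vendor site
0.0.0.0 mbam-cdn.malwarebytes.org forums.malwarebytes.org
192.0.2.10      intranet.example       # unrelated local entry
127.0.0.1       notadobe.com
"""


def parse_hosts(text):
    """Yield (line_number, address, hostname) for every mapping in the file."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # malformed line, no hostname
        address, names = fields[0], fields[1:]
        for name in names:                      # one line may carry several aliases
            yield number, address, name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def audit(text, watched=WATCHED):
    """Return the hosts entries that pin a watched domain to any address."""
    return [entry for entry in parse_hosts(text) if is_watched(entry[2], watched)]


if __name__ == "__main__":
    # On a live system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for number, address, name in audit(SAMPLE_HOSTS):
        print(f"line {number}: {name} -> {address}")
```

Any hit means the name never reaches DNS, so a failed PING to that host would be explained by the Hosts file rather than by the network.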

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
