Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

malware &/or virus (I think) is preventing AV updates


  • This topic is locked This topic is locked
10 replies to this topic

#1 joolz_red

joolz_red

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 24 February 2011 - 12:43 PM

Hello guys, I hope I've posted this in the correct place. I'm only averagely tech minded so I'll try my best

I'm running Windows XP (sp3) and mostly use Chrome browser with IE occasionally.

My Avira Free has refused to net update for over 24hrs, and when I look at Internet Options I see the 'use proxy server' button is checked although I've previously un-checked it. I've managed to download manually from Avira and am currently running a scan with it & Malwarebytes.

I have some log files but I take notice of the warning against posting hijack this logs in this forum.

There are several processes & files that look decidedly fishy to me but am not sure of where/how to proceed. "ProxyServer = http=127.0.0.1:49717" for example!

I also use Malwarebytes free version & update & scan regularly with this & Avira free AV.

I usually scan any potentially fishy files with AV & MWB before downloading but something's gotten through (could be another user when I've not been here is responsible) or can hardware like a cheap chinese USB hub be responsible?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 PM

Posted 24 February 2011 - 12:54 PM

Welcome joolz
Let's run these as I feel you have a rootkit.

Many malwares like to change the proxy setting on you.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 joolz_red

joolz_red
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 24 February 2011 - 01:03 PM

Many thanks, boopme. I was afraid it might be a rootkit, not entirely sure what they are but they sound bad...... I can usually cope with most Mal/Spyware etc etc but this has got me beaten.

Yep, something's changed my netoptions LAN settings to use proxy server again, even though I've unclicked it 10 times already today.

MBAM is currently doing a full scan of all drives & it's chinging up items as I type. I'll let it finish then do the TDSS?

#4 joolz_red

joolz_red
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 24 February 2011 - 04:06 PM

TDSS returned no results, report log below


2011/02/24 21:02:22.0515 2460 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/24 21:02:22.0843 2460 ================================================================================
2011/02/24 21:02:22.0843 2460 SystemInfo:
2011/02/24 21:02:22.0843 2460
2011/02/24 21:02:22.0875 2460 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/24 21:02:22.0875 2460 Product type: Workstation
2011/02/24 21:02:22.0875 2460 ComputerName: YOUR-447023AE6B
2011/02/24 21:02:22.0875 2460 UserName: Compaq_Owner
2011/02/24 21:02:22.0875 2460 Windows directory: C:\WINDOWS
2011/02/24 21:02:22.0875 2460 System windows directory: C:\WINDOWS
2011/02/24 21:02:22.0875 2460 Processor architecture: Intel x86
2011/02/24 21:02:22.0875 2460 Number of processors: 1
2011/02/24 21:02:22.0875 2460 Page size: 0x1000
2011/02/24 21:02:22.0875 2460 Boot type: Normal boot
2011/02/24 21:02:22.0875 2460 ================================================================================
2011/02/24 21:02:23.0765 2460 Initialize success
2011/02/24 21:02:26.0046 2560 ================================================================================
2011/02/24 21:02:26.0046 2560 Scan started
2011/02/24 21:02:26.0046 2560 Mode: Manual;
2011/02/24 21:02:26.0046 2560 ================================================================================
2011/02/24 21:02:28.0296 2560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/24 21:02:28.0593 2560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/24 21:02:28.0812 2560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/24 21:02:29.0031 2560 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/24 21:02:29.0593 2560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/24 21:02:30.0109 2560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/24 21:02:30.0281 2560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/24 21:02:30.0578 2560 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/24 21:02:30.0890 2560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/24 21:02:31.0015 2560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/24 21:02:31.0171 2560 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/24 21:02:31.0375 2560 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/02/24 21:02:31.0562 2560 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/02/24 21:02:31.0734 2560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/24 21:02:31.0921 2560 Ca50xav (a8eae8e358de3a21e6eb54f4fc7f65ec) C:\WINDOWS\system32\Drivers\Ca50xav.sys
2011/02/24 21:02:32.0171 2560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/24 21:02:32.0328 2560 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/24 21:02:32.0562 2560 CdaC15BA (82c4c6a2343b592c4fd590f625a724a9) C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2011/02/24 21:02:32.0734 2560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/24 21:02:32.0875 2560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/24 21:02:33.0046 2560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/24 21:02:33.0671 2560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/24 21:02:33.0937 2560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/24 21:02:34.0203 2560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/24 21:02:34.0375 2560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/24 21:02:34.0578 2560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/24 21:02:34.0843 2560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/24 21:02:35.0046 2560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/24 21:02:35.0296 2560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/24 21:02:35.0437 2560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/24 21:02:35.0593 2560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/24 21:02:35.0765 2560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/24 21:02:35.0953 2560 FNETTHJM (9339335cfaf1ebd80734098ff938b32a) C:\WINDOWS\system32\drivers\fnetthjm.sys
2011/02/24 21:02:36.0156 2560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/24 21:02:36.0328 2560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/24 21:02:36.0500 2560 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/24 21:02:36.0656 2560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/24 21:02:36.0859 2560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/24 21:02:37.0093 2560 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/24 21:02:37.0390 2560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/24 21:02:37.0796 2560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/24 21:02:38.0015 2560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/24 21:02:38.0515 2560 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/24 21:02:38.0937 2560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/24 21:02:39.0093 2560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/24 21:02:39.0234 2560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/24 21:02:39.0390 2560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/24 21:02:39.0656 2560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/24 21:02:40.0031 2560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/24 21:02:40.0343 2560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/24 21:02:40.0671 2560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/24 21:02:40.0968 2560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/24 21:02:41.0281 2560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/24 21:02:41.0656 2560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/24 21:02:41.0921 2560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/24 21:02:42.0171 2560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/24 21:02:42.0515 2560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/24 21:02:42.0718 2560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/24 21:02:42.0890 2560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/24 21:02:43.0062 2560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/24 21:02:43.0187 2560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/24 21:02:43.0484 2560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/24 21:02:43.0703 2560 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/24 21:02:43.0968 2560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/24 21:02:44.0187 2560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/24 21:02:44.0390 2560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/24 21:02:44.0531 2560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/24 21:02:44.0703 2560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/24 21:02:44.0859 2560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/24 21:02:45.0109 2560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/24 21:02:45.0359 2560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/24 21:02:45.0593 2560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/24 21:02:45.0828 2560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/24 21:02:46.0015 2560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/24 21:02:46.0156 2560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/24 21:02:46.0312 2560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/24 21:02:46.0578 2560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/24 21:02:46.0859 2560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/24 21:02:47.0000 2560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/24 21:02:47.0265 2560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/24 21:02:47.0406 2560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/24 21:02:47.0562 2560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/24 21:02:47.0812 2560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/24 21:02:48.0000 2560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/24 21:02:48.0218 2560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/24 21:02:48.0421 2560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/24 21:02:48.0562 2560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/24 21:02:48.0687 2560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/24 21:02:48.0843 2560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/24 21:02:49.0015 2560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/24 21:02:49.0265 2560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/24 21:02:49.0468 2560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/24 21:02:50.0171 2560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/24 21:02:50.0390 2560 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/02/24 21:02:50.0562 2560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/24 21:02:50.0703 2560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/24 21:02:50.0843 2560 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/24 21:02:51.0406 2560 RapportCerberus_23945 (d9569c76a4e3fbae2cfe7ebf444ece4d) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys
2011/02/24 21:02:51.0578 2560 RapportIaso (a25b864a9f1b8b6ca2150ab3ffab5e5e) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys
2011/02/24 21:02:51.0781 2560 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/02/24 21:02:51.0906 2560 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/02/24 21:02:52.0125 2560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/24 21:02:52.0296 2560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/24 21:02:52.0437 2560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/24 21:02:52.0609 2560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/24 21:02:52.0781 2560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/24 21:02:52.0984 2560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/24 21:02:53.0203 2560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/24 21:02:53.0343 2560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/24 21:02:53.0562 2560 RTL8023xp (eacd871fdbe85393d112782896c2d7dd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/02/24 21:02:53.0750 2560 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/02/24 21:02:53.0921 2560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/24 21:02:54.0078 2560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/24 21:02:54.0218 2560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/24 21:02:54.0421 2560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/24 21:02:54.0718 2560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/24 21:02:55.0015 2560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/24 21:02:55.0218 2560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/24 21:02:55.0406 2560 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/24 21:02:55.0640 2560 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/02/24 21:02:55.0890 2560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/24 21:02:56.0078 2560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/24 21:02:56.0203 2560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/24 21:02:56.0781 2560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/24 21:02:57.0046 2560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/24 21:02:57.0250 2560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/24 21:02:57.0406 2560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/24 21:02:57.0546 2560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/24 21:02:57.0859 2560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/24 21:02:58.0187 2560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/24 21:02:58.0437 2560 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/24 21:02:58.0578 2560 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk50x.sys
2011/02/24 21:02:58.0734 2560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/24 21:02:58.0890 2560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/24 21:02:59.0046 2560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/24 21:02:59.0187 2560 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/24 21:02:59.0359 2560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/24 21:02:59.0500 2560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/24 21:02:59.0640 2560 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/24 21:02:59.0765 2560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/24 21:02:59.0906 2560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/24 21:03:00.0015 2560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/24 21:03:00.0125 2560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/24 21:03:00.0296 2560 w810bus (5e8b60606fc4173b69cdecd964f22d28) C:\WINDOWS\system32\DRIVERS\w810bus.sys
2011/02/24 21:03:00.0453 2560 w810mdfl (c0cc4f5a3c58b4c07ec4a82a5ae24714) C:\WINDOWS\system32\DRIVERS\w810mdfl.sys
2011/02/24 21:03:00.0609 2560 w810mdm (2aafeedc3bfe14419cbce7ceea59dd05) C:\WINDOWS\system32\DRIVERS\w810mdm.sys
2011/02/24 21:03:00.0765 2560 w810mgmt (b0037db3f890d0ffcf7e35f356a435ec) C:\WINDOWS\system32\DRIVERS\w810mgmt.sys
2011/02/24 21:03:00.0890 2560 w810obex (bf609636068f17246f94b490c5812483) C:\WINDOWS\system32\DRIVERS\w810obex.sys
2011/02/24 21:03:01.0046 2560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/24 21:03:01.0250 2560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/24 21:03:01.0531 2560 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/24 21:03:01.0718 2560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/24 21:03:01.0890 2560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/24 21:03:02.0046 2560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/24 21:03:02.0406 2560 ================================================================================
2011/02/24 21:03:02.0406 2560 Scan finished
2011/02/24 21:03:02.0406 2560 ================================================================================


MBAM returned 9 results, apologies I am so stupid I didn't have 'save logs' checked, but I had a mix of trojans, backdoor bots and something like 'hijack shell.gen'

on reboot, the 'use proxy server' in internet options is still checked

#5 joolz_red

joolz_red
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 24 February 2011 - 04:10 PM

The suspect (C&P'ed from a hijackthis log) is

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49717

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 PM

Posted 24 February 2011 - 08:14 PM

Hello,The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

That is most likely a malware vil.nai

I am going to give you some ( actually a bit)info on Rootkiys and backdoors. It's important to consider here especially if you do any financials on here.

Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?


Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a DDS/HijackThis log for further investigation. Let me know how you wish to proceed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 joolz_red

joolz_red
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 25 February 2011 - 04:22 AM

Many thanks again boopme

HT log portion gave several Host redirections blocking Avira AV?(01):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:54:08, on 24/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Dell V105\dldnMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: 15.112.216.76 perspeak.avira-update.com
O1 - Hosts: 102.220.137.61 personal.nl.avira-update.com
O1 - Hosts: 156.148.100.44 profpeak.avira-update.com
O1 - Hosts: 37.179.202.199 professional.nl.avira-update.com
O1 - Hosts: 245.102.117.217 prempeak.avira-update.com
O1 - Hosts: 241.250.40.143 premium.nl.avira-update.com
O1 - Hosts: 126.228.175.93 personal.avira-update.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe"
O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229591667968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229591657000
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9b7043a5dd570) (gupdate1c9b7043a5dd570) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8169 bytes


I fixed those & Avira was able to update normally

ON reboot MBAM found nothing on the latest scan

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5873

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/02/2011 06:02:09
mbam-log-2011-02-25 (06-02-09).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 243345
Time elapsed: 6 hour(s), 15 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Avira log (again nothing found but 14 'warnings' whatever they are)

Avira AntiVir Personal
Report file date: 24 February 2011 22:36

Scanning for 2433480 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-447023AE6B

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 13/12/2010 08:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 13/12/2010 08:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:02:32
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 18:02:34
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 18:02:34
VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 18:02:34
VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 18:02:34
VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 18:02:34
VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 18:02:34
VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 18:02:34
VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 18:02:34
VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 18:02:34
VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 18:02:34
VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 18:02:34
VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 18:02:34
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 18:02:34
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 18:02:34
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 18:02:34
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 18:02:34
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 18:02:34
VBASE018.VDF : 7.11.3.217 2048 Bytes 24/02/2011 18:02:34
VBASE019.VDF : 7.11.3.218 2048 Bytes 24/02/2011 18:02:34
VBASE020.VDF : 7.11.3.219 2048 Bytes 24/02/2011 18:02:34
VBASE021.VDF : 7.11.3.220 2048 Bytes 24/02/2011 18:02:34
VBASE022.VDF : 7.11.3.221 2048 Bytes 24/02/2011 18:02:34
VBASE023.VDF : 7.11.3.222 2048 Bytes 24/02/2011 18:02:34
VBASE024.VDF : 7.11.3.223 2048 Bytes 24/02/2011 18:02:34
VBASE025.VDF : 7.11.3.224 2048 Bytes 24/02/2011 18:02:34
VBASE026.VDF : 7.11.3.225 2048 Bytes 24/02/2011 18:02:34
VBASE027.VDF : 7.11.3.226 2048 Bytes 24/02/2011 18:02:34
VBASE028.VDF : 7.11.3.227 2048 Bytes 24/02/2011 18:02:34
VBASE029.VDF : 7.11.3.228 2048 Bytes 24/02/2011 18:02:34
VBASE030.VDF : 7.11.3.229 2048 Bytes 24/02/2011 18:02:34
VBASE031.VDF : 7.11.3.230 2048 Bytes 24/02/2011 18:02:34
Engineversion : 8.2.4.170
AEVDF.DLL : 8.1.2.1 106868 Bytes 24/02/2011 18:02:32
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 24/02/2011 18:02:32
AESCN.DLL : 8.1.7.2 127349 Bytes 24/02/2011 18:02:30
AESBX.DLL : 8.1.3.2 254324 Bytes 24/02/2011 18:02:30
AERDL.DLL : 8.1.9.2 635252 Bytes 24/02/2011 18:02:30
AEPACK.DLL : 8.2.4.9 512374 Bytes 24/02/2011 18:02:30
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 24/02/2011 18:02:30
AEHEUR.DLL : 8.1.2.78 3277175 Bytes 24/02/2011 18:02:30
AEHELP.DLL : 8.1.16.1 246134 Bytes 24/02/2011 18:02:30
AEGEN.DLL : 8.1.5.2 397683 Bytes 24/02/2011 18:02:30
AEEMU.DLL : 8.1.3.0 393589 Bytes 24/02/2011 18:02:30
AECORE.DLL : 8.1.19.2 196983 Bytes 24/02/2011 18:02:30
AEBB.DLL : 8.1.1.0 53618 Bytes 24/02/2011 18:02:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13/12/2010 08:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 13/12/2010 08:39:54
AVREP.DLL : 10.0.0.9 174120 Bytes 24/02/2011 18:02:34
AVREG.DLL : 10.0.3.2 53096 Bytes 13/12/2010 08:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13/12/2010 08:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 13/12/2010 08:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13/12/2010 08:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13/12/2010 08:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 13/12/2010 08:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:, K:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

Start of the scan: 24 February 2011 22:36

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'logon.scr' - '19' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'mbam.exe' - '52' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'dldnMsdMon.exe' - '52' Module(s) have been scanned
Scan process 'KBD.EXE' - '60' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '38' Module(s) have been scanned
Scan process 'realsched.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avgnt.exe' - '46' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '35' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '21' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '68' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '16' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '58' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'Explorer.EXE' - '143' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '157' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '51' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '426' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 3.2 (en-US) Installation Files\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[0] Archive type: NSIS
--> unknown10
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\My Documents\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[0] Archive type: NSIS
--> unknown10
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP825\A0204061.exe
[0] Archive type: NSIS
-->
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 3.2 (en-US) Installation Files\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[0] Archive type: NSIS
--> unknown10
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\My Documents\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\Documents and Settings\Compaq_Owner\Desktop\OpenOffice.org 3.2 (en-US) Installation Files\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'F:\' <Old Hard Drive>
F:\Program Files\OpenOffice.org 3\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
[0] Archive type: NSIS
--> 1
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
F:\Program Files\OpenOffice.org 3\OOo_3.2.1_Win_x86_install_en-US.exe
[0] Archive type: NSIS
--> unknown5
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
F:\Program Files\OpenOffice.org 3\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
F:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
[WARNING] Internal error!
Begin scan in 'K:\' <FREECOM HDD>


End of the scan: 25 February 2011 05:27
Used time: 6:50:45 Hour(s)

The scan has been done completely.

15125 Scanned directories
1242068 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1242068 Files not concerned
21273 Archives were scanned
14 Warnings
0 Notes
414877 Objects were scanned with rootkit scan
1 Hidden objects were found


Very grateful for your help

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 PM

Posted 25 February 2011 - 10:43 AM

Hello again joolz.. These warnings appear to be an AVira issue that was fixed today,Update and run it again.

You search Engine version is : 8.2.4.170

This issue is solved now. Just update your Avira.
Latest search engine (8.02.04.176).

http://forum.avira.com/wbb/index.php?page=Thread&threadID=125933

Edited by boopme, 25 February 2011 - 10:43 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 joolz_red

joolz_red
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 25 February 2011 - 02:04 PM

Thank you very much for the help & info boopme. Do you think the problem was 'just' vil.nai malware or do you think it may be a rootkit? I don't want to have to format & reinstall unless I have to, although I have changed all my passwords from another PC as advised.

Avira updates fine now, scans with Avira AV & MBAM report nothing amiss in any of my HDDs.

I usually practice 'safe internet' so it proves that these things can happen to anyone (and a reminder to me to create guest accounts!)

I am so grateful for your time & patience :thumbsup:

Final logs before I hopefully quit and leave you guys alone!

Is there anything else on this latest HijackThis! log I should be really concerned over? I am not sure....

log removed


Edited by joolz_red, 25 February 2011 - 02:29 PM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 PM

Posted 25 February 2011 - 02:26 PM

Hello there is infection in that log. C rukes say we cannot analyze them here in AII you ned to start a new topic

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Include the HJT log you posted earlier.
If Gmer won't run,skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:27 PM

Posted 25 February 2011 - 08:07 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic381584.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users