Everything posted by oliveoil

  1. Thanks, have done as you suggested; both Avira and Malwarebytes now seem to be updating and running fine. Will move this thread if I have any further problems. Again, thanks for your help. By the way, LOVE your photo, what sort of Terrier is he/she? Would really like one myself. He/she's a beauty!
  2. Many thanks. From instructions page that you mentioned, just downloaded new version over the old Malwarebytes & it's working fine. My AntiVirus is Avira & has always worked fine with Malwarebytes in the past. V quick solution. Thanks once again. Regards, Pat
  3. On trying to access Malwarebytes from Desktop keep getting following message:

     An error has occurred. Please report this error code to our support team.
     PROGRAM_ERROR_LOAD_DATABASE (-2146893820, -214893820, cREATEsdk) Bad Length

     What do I do? Regards, Pat
  4. Many thanks for your advice, have reposted in HJT Forum, as have already run the Malwarebytes & Avira scans.
  5. Hi. Have been told to repost here. PC runs XP Service Pack 3 & Avira Antivirus, plus Malwarebytes (have had Avira & Malwarebytes for over a year now).

     Can't update Malwarebytes on user Account pages, get following message:

     Error has occured. Please report error code to our support team. PROGRAM_ERROR_UPDATING(5,0,Createfile) Acces is denied.

     But can update on Administrator.

     Have got two detections of Malware found on Avira, both the same apart from different Boot sector, on 7th Feb. E is my backup hard drive, does this mean virus has access to this? The Avira detection for E only occurred on yesterday's scan.

     The file 'Boot sector 'E:\'' contained a virus or unwanted program 'BOO/Sinowal.F' [virus]
     Action(s) taken: Contains code of the BOO/Sinowal.F boot sector virus. The boot sector was not written!

     Also

     The file 'Master boot sector HD1' contained a virus or unwanted program 'BOO/Sinowal.F' [virus]
     Action(s) taken: Contains code of the BOO/Sinowal.F boot sector virus. The boot sector was not written!

     On events noticed this as far back as 08/01/2011

     The file 'Master boot sector HD1' contained a virus or unwanted program 'BOO/Sinowal.F' [virus]
     Action(s) taken: Contains code of the BOO/Sinowal.F boot sector virus. The boot sector was not written!

     Avira doesn't give the option to delete or quarantine. As Malwarebytes isn't updating, could the virus have disabled this?

     Have tried to look for info on the net for this and came across this http://www.geekstogo.com/forum/topic...9-boosinowalf/ which really alarmed me. Unfortunately my husband uses this PC & hadn't taken onboard the significance of Avira failing to remove the Malware! Avira records only go back to begin of Jan & there are continued records from then of the virus being on Master Boot HD1. Have only found out about this this morning!

     This is yesterday's 1st Avira scan

     Avira AntiVir Personal
     Report file date: 07 February 2011 10:14
     Scanning for 2456743 virus strains and unwanted programs.

     Start of the scan: 07 February 2011 10:14

     Starting search for hidden objects.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible.

     Starting master boot sector scan:
     Master boot sector HD0 [iNFO] No virus was found!
     Master boot sector HD1 [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
     Master boot sector HD2 [iNFO] No virus was found!
     Master boot sector HD3 [iNFO] No virus was found!
     Master boot sector HD4 [iNFO] No virus was found!
     Master boot sector HD5 [iNFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\' [iNFO] No virus was found!
     Boot sector 'E:\' [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!

     Starting to scan executable files (registry).
     The registry was scanned ( '259' files ).

     Starting the file scan:
     Begin scan in 'C:\'
     Begin scan in 'E:\' <My Book>

     End of the scan: 07 February 2011 11:00
     Used time: 46:11 Minute(s)
     The scan has been done completely.
     6171 Scanned directories
     392716 Files were scanned
     2 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     0 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     392716 Files not concerned
     1326 Archives were scanned
     0 Warnings
     2 Notes
     294341 Objects were scanned with rootkit scan
     1 Hidden objects were found

     Did scans of Avira & Malwarebytes in Safe mode & Malwarebytes discovered the following

     Content.IE5\DRFINDMY\pack[1].exe (Rogue.SecurityShield)
     Content.IE5\DRFINDMY\pack[2].exe (Rogue.SecurityShield)

     Avira finished scanning but said the scan was clear. On Malwarebytes I quarantined & then deleted both & was prompted to reboot, which I did. Then re-scanned in normal mode using Avira & Malwarebytes, both scanned ok with no virus or malware found.

     As the virus had been found on the E external Hard drive I had unplugged it for safety. When plug E Drive back into PC keep getting

     Guard: Autorun message blocked. Access to the file E:\autorum.inf was blocked for your security.

     This happens twice in quick succession.

     Did update & Malwarebytes scan, and also an Avira Scan, both including the E Backup Hard Drive. Malwarebytes said there were no detections & that the scan was ok. Avira said there were 2 detections - But after running Avira twice (ran Malwarebytes at same time - Malwarebytes said there was no detections in either) Avira was reporting a different problem on the Master boot sector, the 1st being HD1 & the 2nd being HD5 in the two separate run times!

     Report finished at 21.23
     Master boot sector HD1 [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
     Boot sector 'E:\' [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!

     Report finished at 20.01
     Master boot sector HD5 [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
     Start scanning boot sectors: [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!

     Did both Avira & Malwarebytes scans with E drive connected in Safe mode and they were clear, no detections. So did a further full scan on Malwarebytes & Avira in normal mode with both programs & with the E drive connected and again they were clear, no detections.

     Posted the results of last Malwarebytes, Avira & Hijack This below

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5706
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     07/02/2011 23:21:29
     mbam-log-2011-02-07 (23-21-29).txt
     Scan type: Full scan (C:\|D:\|E:\|)
     Objects scanned: 225889
     Time elapsed: 58 minute(s), 25 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Avira AntiVir Personal
     Report file date: 07 February 2011 22:21
     Scanning for 2461137 virus strains and unwanted programs.

     Start of the scan: 07 February 2011 22:21

     Starting search for hidden objects.
     HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible.

     Starting master boot sector scan:
     Master boot sector HD0 [iNFO] No virus was found!
     Master boot sector HD1 [iNFO] No virus was found!
     Master boot sector HD2 [iNFO] No virus was found!
     Master boot sector HD3 [iNFO] No virus was found!
     Master boot sector HD4 [iNFO] No virus was found!
     Master boot sector HD5 [iNFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\' [iNFO] No virus was found!
     Boot sector 'E:\' [iNFO] No virus was found!

     Starting to scan executable files (registry).
     The registry was scanned ( '360' files ).

     Starting the file scan:
     Begin scan in 'C:\'
     Begin scan in 'E:\' <My Book>

     End of the scan: 07 February 2011 23:34
     Used time: 1:12:30 Hour(s)
     The scan has been done completely.
     6172 Scanned directories
     387180 Files were scanned
     0 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     0 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     387180 Files not concerned
     1322 Archives were scanned
     0 Warnings
     0 Notes
     285558 Objects were scanned with rootkit scan
     1 Hidden objects were found

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 23:36:59, on 07/02/2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Does this now mean the system is now clear or is the ****** just hiding in the Master Boot Record, getting all the info it wants from our PC, and not being detected by Malwarebytes or Avira anymore?

     Have done Avira & Malware full scans this morning & they are still clear.

     Would really appreciate some advice, pref not too technical as all this is a bit daunting.

     Also Malwarebytes updates for users is still greyed out, ie can't update from user account page, but can update on Administrator which then updates the Users accounts?

     Do I still need to go through the rest of the instructions on 'I'm infected - What do I do now', as according to Avira & Malwarebytes reports the system is clear now?

     Sorry for such a huge post, look forward to your replies!
  6. Hi Pc runs XP Service Pack 3 & Avira Antivirus, plus Malwarebytes. Cant update Malwarebytes on user Account pages get following message Error has occured. Please report error code to our support team. PROGRAM_ERROR_UPDATING(5,0,Createfile) Acces is denied. But can update on Administrator Have got two detections of Malware found both the same apart from different Boot sector on 7th Feb. E is my backup harddrive does this mean virus has access to this? The Avira detection for E only occurred on yesterday's scan. The file 'Boot sector 'E:\'' contained a virus or unwanted program 'BOO/Sinowal.F' [virus] Action(s) taken: Contains code of the BOO/Sinowal.F boot sector virus. The boot sector was not written! Also The file 'Master boot sector HD1' contained a virus or unwanted program 'BOO/Sinowal.F' [virus] Action(s) taken: Contains code of the BOO/Sinowal.F boot sector virus. The boot sector was not written! On events noticed this as far back as 08/01/2011 The file 'Master boot sector HD1' contained a virus or unwanted program 'BOO/Sinowal.F' [virus] Action(s) taken: Contains code of the BOO/Sinowal.F boot sector virus. The boot sector was not written! Avira doesnt give the option to delete of quarantine. As Malwarebytes isnt updating could the virus have disabled this? Have tried to look for info on the net for this and came across this http://www.geekstogo.com/forum/topic...9-boosinowalf/ which really alarmed me. Unfortunately my husband uses this PC & hadnt taken onboard the significance of Avira failing to remove the Malware! Avira records only go back to begin of Jan & the there are continued records from then of the virus being on Master Boot HD1. Have only found out about this this morning! This is the Avira scan from notepad Avira AntiVir Personal Report file date: 07 February 2011 10:14 Scanning for 2456743 virus strains and unwanted programs. The program is running as an unrestricted full version. 
Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : USER-Q9NPIFAZX8
Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, E:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: 07 February 2011 10:14 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. The scan of running processes will be started
Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! Master boot sector HD4 [iNFO] No virus was found! Master boot sector HD5 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found!
Boot sector 'E:\' [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
Starting to scan executable files (registry). The registry was scanned ( '259' files ).
Starting the file scan:
Begin scan in 'C:\'
Begin scan in 'E:\' <My Book>
End of the scan: 07 February 2011 11:00
Used time: 46:11 Minute(s)
The scan has been done completely.
6171 Scanned directories
392716 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
392716 Files not concerned
1326 Archives were scanned
0 Warnings
2 Notes
294341 Objects were scanned with rootkit scan
1 Hidden objects were found
Did scans of Avira & Malwarebytes in Safe Mode & Malwarebytes discovered the following:
Content. IE5\DRFINDMY\pack[1].exe(Rogue.SecurityShield)
Content. IE5\DRFINDMY\pack[2].exe(Rogue.SecurityShield)
Avira finished scanning but said the scan was clear. On Malwarebytes I quarantined & then deleted both & was prompted to reboot, which I did. Then re-scanned in normal mode using Avira & Malwarebytes, both scanned ok with no virus or malware found.
As the virus had been found on the E external hard drive I had unplugged it for safety. When plug E Drive back into PC keep getting
Guard: Autorun message blocked. Access to the file E:\autorun.inf was blocked for your security.
This happens twice in quick succession.
Did update & Malwarebytes scan, and also an Avira Scan, both including the E Backup Hard Drive. Malwarebytes said there were no detections & that the scan was ok. Avira said there were 2 detections - But after running Avira twice (ran Malwarebytes at same time - Malwarebytes said there was no detections in either) it was reporting a different problem on the Master boot sector, the 1st being HD1 & the 2nd being HD5 in the two separate run times!
Report finished at 21.23
Master boot sector HD1 [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
Boot sector 'E:\' [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
Report finished at 20.01
Master boot sector HD5 [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
Start scanning boot sectors: [DETECTION] Contains code of the BOO/Sinowal.F boot sector virus [NOTE] The boot sector was not written!
Did both Avira & Malwarebytes scans with E drive connected in Safe mode and they were clear no detections. So did a further full scan on Malwarebytes & Avira in normal mode with both programs & with the E drive connected and again they were clear no detections.
Posted the results of last Malwarebytes, Avira & Hijack This below
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5706
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/02/2011 23:21:29
mbam-log-2011-02-07 (23-21-29).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 225889
Time elapsed: 58 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Avira AntiVir Personal Report file date: 07 February 2011 22:21
Scanning for 2461137 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : USER-Q9NPIFAZX8
Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, E:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: 07 February 2011 22:21 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. The scan of running processes will be started
Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! Master boot sector HD4 [iNFO] No virus was found! Master boot sector HD5 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found!
Boot sector 'E:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '360' files ). Starting the file scan: Begin scan in 'C:\' Begin scan in 'E:\' <My Book> End of the scan: 07 February 2011 23:34 Used time: 1:12:30 Hour(s) The scan has been done completely. 6172 Scanned directories 387180 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 387180 Files not concerned 1322 Archives were scanned 0 Warnings 0 Notes 285558 Objects were scanned with rootkit scan 1 Hidden objects were found Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:36:59, on 07/02/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Digital 
Line Detect\DLG.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\s wg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\David\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1272723293296 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
-- End of file - 7131 bytes
Does this now mean the system is now clear, or is the ****** just hiding in the Master Boot Record, getting all the info it wants from our PC, and not being detected by Malwarebytes or Avira anymore? Have done Avira & Malware full scans this morning & they are still clear. Would really appreciate some advice, pref not too technical, as all this is a bit daunting. Also Malwarebytes updates for users is still greyed out, i.e. can't update from user account page, but can on Administrator, which then updates the Users accounts? Sorry for such a huge post, look forward to your replies!