Author Topic: Msiexec.exe is Infected!!!  (Read 17703 times)
Ruby
« Reply #40 on: February 14, 2008, 14:41:35 »

Hello xblade12100

Sorry for the delay in my answers.
Please post back a fresh ComboFix log.

      
xblade12100
« Reply #41 on: February 14, 2008, 21:31:25 »

Hey Rudy,

Here is the log

ComboFix 08-02-15.1 - Jim 2008-02-15 15:47:07.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.491 [GMT -5:00]
Running from: C:\Documents and Settings\Jim\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp:
.
(((((((((((((((((((((((((   Files Created from 2008-01-15 to 2008-02-15  )))))))))))))))))))))))))))))))
.

2008-02-14 19:14 . 2008-02-14 19:14   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Grisoft
2008-02-14 19:10 . 2007-05-30 07:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-13 16:34 . 2007-04-17 04:28   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-13 16:34 . 2007-02-09 08:26   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-12 17:15 . 2008-02-09 11:20   31,280   --a------   C:\WINDOWS\system32\rrMon.sys
2008-02-12 15:40 . 2008-02-12 15:40   <DIR>   d--------   C:\Program Files\Avira
2008-02-12 15:40 . 2008-02-12 15:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-02-12 15:37 . 2008-02-12 17:15   <DIR>   d--------   C:\Program Files\Registrar Registry Manager
2008-02-11 18:43 . 2008-02-11 18:43   <DIR>   d--------   C:\Documents and Settings\Jim\DoctorWeb
2008-02-11 13:06 . 2008-02-11 15:13   250   --a------   C:\WINDOWS\gmer.ini
2008-02-11 13:02 . 2008-02-11 13:02   <DIR>   d--------   C:\Program Files\rootkitrevealer
2008-02-11 12:55 . 2008-02-11 12:55   <DIR>   d--------   C:\Program Files\CleanUp!
2008-02-11 08:35 . 2004-08-04 07:00   388,608   --a------   C:\kmd.exe
2008-02-09 08:52 . 2008-02-09 10:07   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\DMCache
2008-02-08 17:29 . 2008-02-08 17:29   <DIR>   d--------   C:\Deckard
2008-02-07 10:58 . 2003-03-13 12:51   51,200   --a------   C:\WINDOWS\system32\camcodec.dll
2008-02-07 10:58 . 2003-03-13 12:51   1,461   --a------   C:\WINDOWS\system32\drivers\camcodec.inf
2008-02-05 16:43 . 2008-02-05 16:43   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-03 11:03 . 2008-02-03 11:03   <DIR>   d--------   C:\Program Files\AVSMedia
2008-02-03 09:51 . 2008-02-15 15:31   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-02-03 09:51 . 2008-02-03 09:51   1,409   --a------   C:\WINDOWS\QTFont.for
2008-02-02 09:49 . 2008-02-02 09:49   <DIR>   d--------   C:\Program Files\Microsoft Windows OneCare Live
2008-02-01 09:48 . 2008-02-01 09:49   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-01-31 23:03 . 2008-02-05 20:34   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Search Settings
2008-01-31 22:37 . 2008-01-31 22:37   <DIR>   d--------   C:\Program Files\Common Files\SWF Studio
2008-01-31 22:36 . 2008-01-31 22:40   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Dealio
2008-01-31 20:21 . 2008-01-31 20:21   <DIR>   d--------   C:\SICKO
2008-01-30 16:04 . 2008-02-14 18:50   2,544   --a------   C:\rollback.ini
2008-01-30 15:44 . 2007-11-14 16:05   1,086,952   --a------   C:\WINDOWS\system32\zpeng24.dll
2008-01-29 19:48 . 2008-01-29 19:48   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\MailFrontier
2008-01-29 19:43 . 2008-02-15 15:52   23,607,840   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-29 19:43 . 2008-02-15 08:19   316,868   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-29 19:37 . 2008-01-29 20:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-29 19:36 . 2007-11-14 16:05   75,248   --a------   C:\WINDOWS\zllsputility.exe
2008-01-29 19:35 . 2008-02-12 15:48   <DIR>   d--------   C:\WINDOWS\system32\ZoneLabs
2008-01-29 19:35 . 2008-01-29 19:35   <DIR>   d--------   C:\Program Files\Zone Labs
2008-01-29 19:35 . 2008-02-15 15:32   355,090   --a------   C:\WINDOWS\system32\vsconfig.xml
2008-01-28 17:53 . 2008-01-31 23:23   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Vso
2008-01-28 17:53 . 2008-01-28 17:53   47,360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-28 17:53 . 2008-01-31 23:23   47,360   --a------   C:\Documents and Settings\Jim\Application Data\pcouffin.sys
2008-01-22 19:46 . 2008-01-28 17:44   <DIR>   d--------   C:\Documents and Settings\Jim\dwhelper
2008-01-20 17:44 . 2008-01-20 17:44   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\MozillaControl
2008-01-20 16:27 . 2008-01-21 18:09   <DIR>   d--------   C:\Program Files\Opera
2008-01-19 22:36 . 2008-02-13 20:03   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\SiteAdvisor
2008-01-19 22:36 . 2008-01-19 22:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-19 22:36 . 2008-01-19 22:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-19 22:16 . 2008-01-19 22:16   <DIR>   d--------   C:\Program Files\Alwil Software
2008-01-17 16:50 . 2008-01-17 16:50   <DIR>   d--------   C:\Program Files\iPod
2008-01-16 18:42 . 2008-01-16 18:42   27,496   --a------   C:\Documents and Settings\Jim\Application Data\GDIPFONTCACHEV1.DAT
2008-01-16 18:14 . 2008-01-16 18:14   <DIR>   d--------   C:\Program Files\MSBuild
2008-01-16 18:09 . 2008-01-16 18:09   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-01-16 18:09 . 2008-01-16 18:09   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-01-16 18:08 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-01-16 17:37 . 2008-01-16 17:37   <DIR>   d--------   C:\Program Files\SystemRequirementsLab
2008-01-16 17:37 . 2008-01-16 17:37   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\SystemRequirementsLab

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 13:19   62,464   ----a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-15 13:00   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\AVG7
2008-02-15 02:31   335,872   ----a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-15 00:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 23:39   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-02-11 23:38   656,384   ----a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-11 15:33   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 13:44   1,147,703   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-10 20:54   ---------   d-----w   C:\Program Files\Bonjour
2008-02-09 15:04   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\LimeWire
2008-02-08 21:44   409,088   ----a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-08 19:45   2,116,096   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-08 17:50   2,116,096   ----a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-07 23:43   2,112,000   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-07 15:57   ---------   d-----w   C:\Program Files\CamStudio
2008-02-06 23:49   2,076,160   ----a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-05 20:44   78,848   ----a-w   C:\WINDOWS\system32\msiexec.exe
2008-02-05 02:29   1,748,480   ----a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-02 14:57   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-02-01 14:48   ---------   d-----w   C:\Program Files\Common Files\Real
2008-02-01 13:44   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-31 02:38   1,251,328   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-30 22:43   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Apple Computer
2008-01-30 01:27   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-01-23 22:39   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\dvdcss
2008-01-18 13:46   ---------   d-----w   C:\Program Files\iTunes
2008-01-17 21:48   ---------   d-----w   C:\Program Files\QuickTime
2008-01-13 22:14   ---------   d-----w   C:\Program Files\Yahoo!
2008-01-13 22:14   ---------   d-----w   C:\Program Files\Common Files\Scanner
2008-01-13 16:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-13 16:42   12,632   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-01-13 02:07   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\vlc
2008-01-10 01:46   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-01-10 00:49   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 22:48   ---------   d-----w   C:\Program Files\Common Files\Macrovision Shared
2008-01-09 00:56   ---------   d-----w   C:\Program Files\VideoProfessor
2008-01-09 00:55   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Media Player Classic
2008-01-07 00:49   ---------   d-----w   C:\Program Files\Doom 3
2008-01-07 00:17   ---------   d-----w   C:\Program Files\Doom 3 Demo
2008-01-06 18:25   ---------   d-----w   C:\Program Files\Total Video Converter
2008-01-06 17:53   ---------   d-----w   C:\Program Files\Zeallsoft
2008-01-05 23:05   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2008-01-04 15:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-03 23:55   ---------   d-----w   C:\Program Files\Blender Foundation
2008-01-03 23:52   ---------   d-----w   C:\Program Files\LimeWire
2008-01-03 21:45   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Yahoo!
2008-01-03 21:33   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Talkback
2008-01-03 19:56   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-03 19:49   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 00:52   ---------   d-----w   C:\Program Files\VideoLAN
2008-01-03 00:44   ---------   d-----w   C:\Program Files\DVD Decrypter
2008-01-03 00:21   ---------   d-----w   C:\Program Files\Safari
2008-01-01 18:09   ---------   d-----w   C:\Program Files\Registry Clean Expert
2007-12-26 20:36   ---------   d-----w   C:\Program Files\Guitar Pro 5
2007-12-24 15:47   ---------   d-----w   C:\Program Files\DivX
2007-12-24 15:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-18 09:51   179,584   ----a-w   C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-15 02:14   ---------   d-----w   C:\Program Files\Microsoft.NET
2007-12-15 02:14   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2007-12-15 02:14   ---------   d-----w   C:\Program Files\Common Files\Merge Modules
2007-12-11 22:34   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-12-07 02:21   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
2007-12-05 07:53   356,352   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 06:41   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41   81,920   ----a-w   C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41   8,523,776   ----a-w   C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41   753,664   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41   6,901,760   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41   6,549,504   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41   5,773,568   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41   385,024   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41   356,352   ----a-w   C:\WINDOWS\system32\nvudisp.exe
2007-12-05 06:41   35,328   ----a-w   C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41   35,328   ----a-w   C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41   307,200   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41   3,710,976   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41   3,420,160   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 06:41   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-12-05 06:41   2,498,560   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-12-05 06:41   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-12-05 06:41   155,716   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 06:41   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
2007-12-05 06:41   1,228,800   ----a-w   C:\WINDOWS\system32\nvmobls.dll
2007-12-05 06:41   1,089,536   ----a-w   C:\WINDOWS\system32\nvcuda.dll
2007-12-04 18:38   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-11-20 00:42   256   ----a-w   C:\sccfg.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8A7839C-51E8-4067-ADA3-CA74BABC1976}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 02:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-03 20:56 579072]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 15:42 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 20:56 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Jim\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2005-04-15 14:18 1482752 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-03 20:56 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-01-19 21:58 21488 C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\PROGRA~1\Symantec\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"comHost"=3 (0x3)
"YPCService"=3 (0x3)

R1 AmdPPM;AMD HwPState Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 04:15]
S3 MEL;MEL;C:\DOCUME~1\Jim\LOCALS~1\Temp\MEL.exe [2008-02-11 15:43]
S3 WSUB;WSUB;C:\DOCUME~1\Jim\LOCALS~1\Temp\WSUB.exe [2008-02-11 13:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 01:00:00 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
"2008-02-15 20:33:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-05 01:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Wyatt.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-11 22:30:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe,/AUTOCHECK /AUTOFIX  /AUTOUPDATE /AUTOCLOSE+C:\Program Files\Spybot - Search & Destroy
"2008-02-13 01:00:01 C:\WINDOWS\Tasks\SpywareBlaster.job"
- C:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 15:52:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 15:55:49
ComboFix-quarantined-files.txt  2008-02-15 20:55:37
ComboFix2.txt  2008-02-11 13:53:16
ComboFix3.txt  2008-02-11 01:21:02
ComboFix4.txt  2008-02-08 22:51:44
.
2008-02-15 20:38:47   --- E O F --- 

Ruby
« Reply #42 on: February 14, 2008, 23:21:41 »

Hello xblade12100

You are using three antivirus programs: Avast, Symantec and AntiVir. Please use the Norton Removal Tool to uninstall your Norton. Go on, use the avast! uninstall utility to uninstall Avast. You may not run more than one antivirus program, otherwise your machine can crash. And then, go on, run CleanUp with these instructions:

Download CleanUp 3.1.2 from here and have a look at the screenshots and Balltrap's instructions (thanks to Balltrap).

Put checkmarks as shown in the pictures.
First press the 'OK' button, then the 'cleanup' button.
Reboot your machine.

And now, I want to see another fresh HJTScanlist from you and once more the Uninstall List with these instructions:

Please open Hijack This and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Save the list.
Now it opens in notepad.
Copy and paste the content of that list here.

How is the computer behaving now?

      
xblade12100
« Reply #43 on: February 14, 2008, 23:44:15 »

I will give you the stuff later but the Msiexec is still there!
xblade12100
« Reply #44 on: February 14, 2008, 23:52:24 »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:25 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MEL - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\MEL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WSUB - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\WSUB.exe (file missing)

--
End of file - 8519 bytes
Adobe Acrobat 4.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.1
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnvSoft iPod Movie Maker 2.0
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Parental Control
ATI Remote Wonder 3.01
ATI TV Settings
AVG 7.5
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
CamStudio
CamStudio Lossless Codec
CD/DVD-ROM Generator 1.20
CinemaForge
CleanUp!
DivX Content Uploader
DivX Web Player
Doom 3
DVD Decrypter (Remove Only)
FXhome EffectsLab Pro (remove only)
GUIDE PLUS+(TM) for Windows® System - ATI
Guitar Hero Explorer
Guitar Pro 5.2
Half-Life(R) 2
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ImgBurn (Remove Only)
iTunes
LimeWire 4.15.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MoviePod
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
Opera 9.25
PDF Settings
PowerCinema 3.0 - ATI Edition
QuickTime
Real Alternative 1.52
RealPlayer
Registrar Registry Manager 5.66
Registrar Registry Manager 5.66  (Lite Edition)
Rhapsody Player Engine
Rhapsody Player Engine
Rogers Yahoo! Applications
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SpywareBlaster v3.5.1
Steam(TM)
Super Screen Recorder 4.0
System Requirements Lab
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
ViewSonic Monitor Drivers
Virtools 3D Life Player
VS2005 Redistributable Package
WinAVI Video Converter 9.0
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WolfTeam International
Yahoo! Anti-Spy
ZoneAlarm Security Suite


xblade12100
« Reply #45 on: February 15, 2008, 00:03:05 »

Just to let you know that Avira found 9 trojans since the install.

Ruby
Authorized Users
« Reply #46 on: February 15, 2008, 01:26:27 »

Hello xblade12100

Could you please show me the logfile(s) of AntiVir with these trojans? Or do you remember the name and path of these trojans? What did you do that you again have trojans on your machine?

Please read these instructions carefully and print them out!
Be sure to follow ALL instructions!
Follow the steps.

Step 1
Please Update your Avira AntiVir

Reboot your machine into "Safe Mode" using the F8 key. To do this, restart your computer and after hearing your computer beep once during startup (before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Use the option "Scan system now" and run a complete scan of your whole machine. Close all applications, all windows, and your browser. Please be patient; it will take some time. Please use the option "Move to quarantine" for every piece of malware found on your system. Reboot your machine into normal mode when the scan is done. Post the content of your Avira AntiVir logfile.

Step 2
  • Update the program online
  • Be sure that you have got the latest definitions, repeat the Update.
  • Have a look for Options.
  • Close all applications, close all windows and your browser.
  • 'Perform full scan'
  • Choose all drives on your machine.
  • Click the button 'Run Scan'
  • Please be patient, it will take a while until the scan is done.
  • When the scan has finished, click 'Remove Selected' to move found malware to quarantine.
  • When you are done, you can exit the program to ask for advice or delete the malware files at once:
    then choose 'Delete All'.
  • Click 'Show Results', to get the results of the scan.
  • Copy and paste the content of this logfile to your thread.

Step 3
  • Follow the directions on the F-Secure page for proper installation, it will check for rootkits too.
  • It requires Internet Explorer to work: click the alert and install the ActiveX component.
  • Please choose Quarantine instead of delete.
  • Save the logfile.
  • Reboot your system when the scan is finished.
  • Reconfigure the Internet Explorer with these Settings, when the scan is finished.
  • Please post the contents of this logfile to your thread.

Step 4
Turn off system restore by following instructions here:
http://www.thespykiller.co.uk/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there.
Then reboot & then re-enable system restore & create a new restore point.
Now Empty Recycle bin on desktop.

xblade12100
« Reply #47 on: February 15, 2008, 22:03:10 »

Hey, how do I get a log report? Because I don't want to copy a lot of info. And is there a way to turn off the beeping in Avira? Because I don't want anyone to know I have a problem with the computer and they ask "what is that beeping sound?"

Thank you

Your tests should be done in another day or so.

Ruby
Authorized Users
« Reply #48 on: February 16, 2008, 00:37:20 »

How do I get a logfile...

Please read these tutorials to find all information you need:

Beeping Sound > turn off your speaker  Grin

xblade12100
« Reply #49 on: February 16, 2008, 02:02:30 »

OK, but it comes from my computer itself when a virus is found.