Need help with this....?

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe® Photoshop® Album Starter Edition 3.2
Apple Software Update
Athlon 64 Processor Driver
Avanquest update
avast! Antivirus
Battlefield 2142
BitSpirit v3.3.2.100 Stable
CA Yahoo! Anti-Spy (remove only)
CABAL Online v3.3
GG E-Sports Platform
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Internet Download Manager
Java(TM) 6 Update 2
Java(TM) 6 Update 3
K-Lite Codec Pack 2.50 Full
LimeWire 4.16.4
Malwarebytes' Anti-Malware
Megaupload Toolbar
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office PUBLISHER MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.12)
Nero 7 Premium
NVIDIA ForceWare Network Access Manager
QuickTime
Realtek AC'97 Audio
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sony Ericsson PC Suite 3.102.00
TeamSpeak 2 RC2
Ulead Straight-to-Disc SDK
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WavePad Uninstall
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinFast PVR
WinFast(R) Display Driver
WinFox Setup
WinRAR archiver
Xfire (remove only)
XP Codec Pack
Yahoo! Toolbar
Yahoo! Toolbar

My PC is better now, at least it didn't call me to download any more anti-virus since the trojans are removed using Malwarebytes. But there is still one of the pop-ups still up. Hearte.exe

Did you update Java and uninstall the old versions?

Go to add/remove programs and uninstall:

Messenger Plus! Live & Sponsor (CiD) <- This program is not trusted. It contains adware (popups) and also trojans.

----------

PLEASE download Combofix by sUBs from one of the below links.
(Try all three if necessary)

Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double-click combofix.exe & follow the prompts.
  • From the keyboard select 1 and press Enter.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
  • Warning: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

----------

Next post (Combofix log):
    ComboFix 08-03-18.1 - Kah Weng 2008-03-20 8:54:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.583 [GMT 8:00]
    Running from: C:\Documents and Settings\Kah Weng\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Kah Weng\Application Data\macromedia\Flash Player\#SharedObjects\6CDH2C73\iforex.com
    C:\Documents and Settings\Kah Weng\Application Data\macromedia\Flash Player\#SharedObjects\6CDH2C73\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Kah Weng\Application Data\macromedia\Flash Player\iforex.com
    C:\Documents and Settings\Kah Weng\Application Data\macromedia\Flash Player\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Kah Weng\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Kah Weng\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Kah Weng\ResErrors.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DHLP


    ((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
    .

    2008-03-17 18:30 . 2008-03-17 18:30  d--------  C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-17 18:30 . 2008-03-17 18:30  d--------  C:\Documents and Settings\Kah Weng\Application Data\Malwarebytes
    2008-03-17 18:30 . 2008-03-17 18:30  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-16 21:26 . 2008-03-16 21:26  d--------  C:\WINDOWS\ERUNT
    2008-03-16 21:21 . 2008-03-16 21:34  d--------  C:\SDFix
    2008-03-16 11:51 . 2008-03-16 11:53  d--------  C:\NoLopBackups
    2008-03-16 10:47 . 2008-03-16 10:47  d--------  C:\Program Files\Trend Micro
    2008-03-14 07:06 . 2008-03-14 07:06  41,296  --a------  C:\WINDOWS\system32\xfcodec.dll
    2008-03-11 19:27 . 2008-03-11 19:27  d--------  C:\Program Files\Apple Software Update
    2008-03-11 19:27 . 2008-03-11 19:27  d--------  C:\Documents and Settings\All Users\Application Data\Apple
    2008-03-11 11:13 . 2006-10-26 19:56  32,592  --a------  C:\WINDOWS\system32\msonpmon.dll
    2008-03-11 11:12 . 2008-03-11 11:12  d--------  C:\Program Files\MSBuild
    2008-03-11 11:12 . 2008-03-11 11:12  d--------  C:\Program Files\Microsoft Works
    2008-03-11 11:10 . 2008-03-11 11:10  d--------  C:\Program Files\Microsoft.NET
    2008-03-11 11:08 . 2008-03-11 11:11  d--------  C:\WINDOWS\SHELLNEW
    2008-03-11 11:08 . 2008-03-11 11:08  d--------  C:\Program Files\Microsoft Visual Studio 8
    2008-03-11 11:07 . 2008-03-11 11:07  dr-h-----  C:\MSOCache
    2008-03-11 11:07 . 2008-03-12 17:48  d--------  C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-10 10:11 . 2008-03-17 21:02  69  --a------  C:\WINDOWS\NeroDigital.ini
    2008-03-04 13:19 . 2008-03-04 13:20  d--------  C:\Documents and Settings\Kah Weng\Application Data\Ahead
    2008-03-04 13:17 . 2008-03-04 13:17  d--------  C:\Program Files\Nero
    2008-03-04 13:17 . 2008-03-04 13:20  d--------  C:\Program Files\Common Files\Ahead
    2008-03-03 00:42 . 2008-03-03 00:42  d--------  C:\Program Files\Ocean Technologies & Media
    2008-03-03 00:42 . 2006-03-14 02:26  53,248  --a------  C:\WINDOWS\system32\ImageOle.dll
    2008-02-29 22:11 . 2008-02-29 22:11  d--------  C:\Program Files\blueserver
    2008-02-29 21:36 . 2008-02-29 21:37  d--------  C:\Program Files\Warcraft III
    2008-02-23 14:01 . 2008-02-23 14:01  d--------  C:\Program Files\XP Codec Pack
    2008-02-23 14:01 . 2007-08-18 15:54  380,928  --a------  C:\WINDOWS\system32\ac3filter.acm
    2008-02-23 12:47 . 2008-02-23 12:47  d--------  C:\Documents and Settings\Kah Weng\Application Data\Apple Computer
    2008-02-23 12:35 . 2008-02-23 12:35  d--------  C:\Program Files\K-Lite Codec Pack
    2008-02-21 18:21 . 2008-02-21 18:21  d--------  C:\Program Files\Internet Download Manager
    2008-02-21 18:21 . 2008-02-21 19:39  d--------  C:\Documents and Settings\Kah Weng\Application Data\IDM
    2008-02-21 18:21 . 2008-03-20 00:56  d--------  C:\Documents and Settings\Kah Weng\Application Data\DMCache
    2008-02-20 22:04 . 2008-02-15 23:12  206,256  --a------  C:\WINDOWS\system32\idmmbc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-20 00:29  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\MegauploadToolbar
    2008-03-19 18:09  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Xfire
    2008-03-19 16:50  ---------  d-----w  C:\Program Files\Java
    2008-03-19 11:36  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\LimeWire
    2008-03-19 07:13  ---------  d-----w  C:\Program Files\Frozen Throne
    2008-03-18 14:47  22,328  ----a-w  C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-03-18 09:13  ---------  d-----w  C:\Program Files\Xfire
    2008-03-17 16:07  ---------  d-----w  C:\Program Files\Windows Live Safety Center
    2008-03-08 04:22  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
    2008-03-04 09:10  ---------  d-----w  C:\Program Files\Minilyrics
    2008-02-18 15:55  ---------  d-----w  C:\Program Files\Avanquest update
    2008-02-17 01:59  ---------  d-----w  C:\Program Files\NCH Swift Sound
    2008-02-17 01:58  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Recordpad
    2008-02-17 01:58  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\NCH Swift Sound
    2008-02-17 01:58  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-02-17 01:57  ---------  d-----w  C:\Program Files\NCH Software
    2008-02-16 10:14  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Leadertech
    2008-02-16 04:22  ---------  d-----w  C:\Program Files\Common Files\Adobe
    2008-02-16 04:21  ---------  d-----w  C:\Program Files\QuickTime
    2008-02-16 04:21  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-16 04:15  ---------  d-----w  C:\Program Files\Sony Ericsson
    2008-02-16 04:15  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\InstallShield
    2008-02-16 04:15  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-16 04:15  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-02-16 03:58  ---------  d-----w  C:\Program Files\MegauploadToolbar
    2008-02-15 09:02  ---------  d-----w  C:\Program Files\CA Yahoo! Anti-Spy
    2008-02-15 03:41  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\BiasMailDead
    2008-02-15 03:40  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
    2008-02-15 03:39  ---------  d-----w  C:\Program Files\BiasMailDead
    2008-02-15 03:24  ---------  d-----w  C:\Program Files\Alwil Software
    2008-02-12 02:18  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-08 02:35  ---------  d-----w  C:\Program Files\Common Files\Scanner
    2008-02-08 02:33  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-02-08 02:32  ---------  d-----w  C:\Program Files\Yahoo!
    2008-02-08 02:32  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Yahoo!
    2008-02-07 04:53  ---------  d-----w  C:\Program Files\LimeWire
    2008-02-06 15:36  ---------  d-----w  C:\Program Files\BitSpirit
    2008-02-06 15:36  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\BitSpirit
    2008-02-06 12:14  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\AdobeUM
    2008-02-03 12:39  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\teamspeak2
    2008-01-28 11:54  ---------  d-----w  C:\Program Files\Winamp
    2008-01-27 14:22  ---------  d-----w  C:\Program Files\Common Files\Java
    2008-01-27 03:16  ---------  d-----w  C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-01-26 18:25  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Winamp
    2008-01-24 19:11  ---------  dcsh--w  C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-23 03:31  ---------  d-----w  C:\Documents and Settings\NetworkService\Application Data\BiasMailDead
    2008-01-23 03:27  ---------  d-----w  C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-01-22 02:44  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Media Player Classic
    2008-01-21 11:24  ---------  d-----w  C:\Program Files\Messenger Plus! Live
    2008-01-20 08:38  ---------  d-----w  C:\Documents and Settings\Kah Weng\Application Data\Talkback
    2008-01-20 06:14  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-01-20 05:10  ---------  d-----w  C:\Program Files\Windows Live
    2008-01-20 05:10  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
    2008-01-20 05:09  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-20 04:57  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-20 04:48  ---------  d-----w  C:\Program Files\Leadtek Research Inc
    2008-01-20 04:47  ---------  d-----w  C:\Program Files\WinFast
    2008-01-20 04:47  ---------  d-----w  C:\Program Files\Common Files\Ulead Systems
    2008-01-20 04:47  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-01-20 04:43  ---------  d-----w  C:\Program Files\Common Files\InstallShield
    2008-01-20 04:31  ---------  d-----w  C:\Program Files\AMD
    2008-01-20 04:06  ---------  d-----w  C:\Program Files\NVIDIA Corporation
    2008-01-20 04:03  ---------  d-----w  C:\Program Files\Realtek Sound Manager
    2008-01-20 04:03  ---------  d-----w  C:\Program Files\Realtek AC97
    2008-01-20 04:03  ---------  d-----w  C:\Program Files\AvRack
    2008-01-20 03:49  ---------  d-----w  C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sign fork"="C:\DOCUME~1\KAHWEN~1\APPLIC~1\BIASMA~1\infoobjatom.exe" [2008-02-15 11:39 465408]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-04 08:00 15360]
    "WinSpyControl"="C:\Program Files\WinSpyControl\pgs.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-10-02 16:10 356352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2005-01-04 08:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2005-01-04 08:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2005-01-04 08:00 455168]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 90112 C:\WINDOWS\soundman.exe]
    "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 18:22 266240]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
    "nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 21:07 86016]
    "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-08-15 17:43 319488]
    "WinFast2KLoadDefault"="wf2kcpl.dll" [2005-08-24 15:36 615424 C:\WINDOWS\system32\WF2KCPL.dll]
    "WinFoxV2"="C:\WINDOWS\system32\WF2K.exe" [2005-08-26 09:38 1310720]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 06:54 37376]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
    "D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

    R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
    R4 WINFOXIO;WINFOXIO;C:\WINDOWS\system32\Drivers\WINFOXIO.SYS [2005-03-25 18:24]
    S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys []
    S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys [2005-09-06 17:46]
    S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys [2005-09-06 17:48]
    S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys [2005-09-06 17:48]
    S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w900mgmt.sys [2005-09-06 17:49]
    S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w900obex.sys [2005-09-06 17:50]
    S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
    S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc12aff-c812-11dc-98a9-00508dc0eaa5}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    \Shell\Explore\command - Flash.10.Setup.exe
    \Shell\Open\command - Flash.10.Setup.exe
    \Shell\Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349a1ea3-de95-11dc-992e-00508dc0eaa5}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    \Shell\Explore\command - Flash.10.Setup.exe
    \Shell\Open\command - Flash.10.Setup.exe
    \Shell\Scan for Viruses\command - G:\Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66185e9e-cd7e-11dc-98bf-00508dc0eaa5}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    \Shell\Explore\command - Flash.10.Setup.exe
    \Shell\Open\command - Flash.10.Setup.exe
    \Shell\Scan for Viruses\command - F:\Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bfc4114-c749-11dc-8610-806d6172696f}]
    \Shell\AutoRun\command - E:\Autorun.exe root.ini

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-13 15:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 08:57:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-20 8:59:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-20 00:59:26
    .
    2008-03-12 09:49:00 --- E O F ---

    Download OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSpyControl

    • Return to OTMoveIt2, right-click in the "Paste List Of Files/Patterns To Search For and Move" window.
      IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar). The top panel will not help you.
      Right-click and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt2.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present. Copy and then paste the contents of that document in your next post.

    ----------

    Go back here and scroll down to the SuperAntispyware instructions and run that scan. The Heart.exe is part of a LOP infection but it isn't showing in any LOGS so I don't know where it is coming from to delete it. Maybe SAS will find it.

    I don't think you gave me the right link??? There's nothing on OTMoveIt2 by OldTimer (download).

    Link fixed, please try again.
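The helper's reading of the ComboFix log above comes down to three checks on the "Reg Loading Points" section: a Run value whose file is gone (ComboFix prints "[ ]", as for WinSpyControl, the entry the OTMoveIt2 step removes), a Run value whose binary lives under a user's Application Data (the "sign fork" entry), and per-volume MountPoints2 autorun handlers that launch an executable from removable media. The following script is an added example, not part of the thread and not ComboFix's or OTMoveIt2's code; it applies those checks to a constructed excerpt copied from the log above and assumes ComboFix's line layout as shown there.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt for this example: the lines are copied from the
# ComboFix "Reg Loading Points" section above, trimmed to a few entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sign fork"="C:\DOCUME~1\KAHWEN~1\APPLIC~1\BIASMA~1\infoobjatom.exe" [2008-02-15 11:39 465408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-04 08:00 15360]
"WinSpyControl"="C:\Program Files\WinSpyControl\pgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 90112 C:\WINDOWS\soundman.exe]
"BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc12aff-c812-11dc-98a9-00508dc0eaa5}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Open\command - Flash.10.Setup.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")

# Path fragments (long and 8.3 short forms) that put an autostart binary in a
# user-writable location, which legitimate Run entries rarely use.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\temp\\", "\\locals~1\\temp\\")


@dataclass
class Finding:
    section: str   # registry key the entry was found under
    name: str      # value name, or shell verb for MountPoints2 handlers
    reason: str    # reason code: file-missing, user-writable-path, removable-autorun
    detail: str    # the path or command that triggered the finding


def analyse(log_text: str) -> List[Finding]:
    """Walk ComboFix's Reg Loading Points text and return entries worth a closer look."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        key_lower = section.lower()
        if key_lower.endswith("\\currentversion\\run"):
            m = RUN_ENTRY_RE.match(line)
            if not m:
                continue
            name, value, meta = m.group("name"), m.group("value"), m.group("meta").strip()
            # ComboFix prints "[ ]" when it could not stat the file: the autostart
            # points at something no longer on disk (an orphan left by a removal,
            # or a file hidden from the scanner). Either way it needs attention.
            if not meta:
                findings.append(Finding(section, name, "file-missing", value))
            if any(frag in value.lower() for frag in USER_WRITABLE):
                findings.append(Finding(section, name, "user-writable-path", value))
        elif "\\explorer\\mountpoints2\\" in key_lower:
            m = MOUNTPOINT_RE.match(line)
            if m:
                # Per-volume shell handlers are what an autorun.inf on removable media
                # installs; each one is reviewed, and AutoRun is disabled by policy.
                findings.append(Finding(section, m.group("verb"), "removable-autorun", m.group("cmd")))
    return findings


def names_with_reason(findings: List[Finding], reason: str) -> List[str]:
    """Value names (or shell verbs) that carry a given reason code, in log order."""
    return [f.name for f in findings if f.reason == reason]


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.reason:20} {f.name!r:20} {f.detail}")
```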

