Thank you very much for the help.
Here is the OTMoveIt2 log:
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\monln.dll
C:\WINDOWS\SYSTEM32\monln.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\monln.dll moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\haofjbmj.dll not found.
< Purity >
C:\WINDOWS\Αdobe moved successfully.
C:\WINDOWS\Fοnts moved successfully.
C:\WINDOWS\Мicrosoft moved successfully.
C:\WINDOWS\system32\ΑppPatch moved successfully.
C:\WINDOWS\system32\Міcrosoft moved successfully.
C:\WINDOWS\system32\ѕecurity moved successfully.
C:\WINDOWS\system32\Ѕуmantec moved successfully.
C:\WINDOWS\system32\ѕуmbols moved successfully.
C:\WINDOWS\system32\Τasks moved successfully.
C:\WINDOWS\system32\Тasks moved successfully.
C:\WINDOWS\system32\WіnSxS moved successfully.
C:\Program Files\аѕsembly moved successfully.
C:\Program Files\Fоnts moved successfully.
C:\Program Files\Ѕуmantec moved successfully.
C:\Program Files\ѕystem moved successfully.
C:\Program Files\Common Files\Sуmantec moved successfully.
C:\Documents and Settings\MOOGLE\My Documents\Αdobe\New Folder (2) moved successfully.
C:\Documents and Settings\MOOGLE\My Documents\Αdobe\Brushes moved successfully.
C:\Documents and Settings\MOOGLE\My Documents\Αdobe moved successfully.
C:\Documents and Settings\MOOGLE\Application Data\АрpPatch moved successfully.
C:\Documents and Settings\MOOGLE\Application Data\ѕecurity moved successfully.
C:\Documents and Settings\MOOGLE\Application Data\ѕеcurity moved successfully.
C:\Documents and Settings\MOOGLE\Application Data\ѕуstem moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04102008_173339
ComboFix Log:
ComboFix 08-04-10.4 - MOOGLE 2008-04-10 18:13:30.2 - NTFSx86
Running from: C:\Documents and Settings\MOOGLE\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\MOOGLE\Application Data\macromedia\Flash Player\#SharedObjects\C2WTK59M\www.broadcaster.com
C:\Documents and Settings\MOOGLE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\MOOGLE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\cmsystem
C:\Program Files\cmsystem\cmappupdate.exe
C:\Program Files\cmsystem\sf.txt
C:\Program Files\cmsystem\Uninstall.exe
C:\Program Files\Helper
C:\Program Files\Helper\1206401299.dll
C:\Program Files\winupdates
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\wtsisu.exe
C:\WINDOWS\system32\wtssvsu.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_NwSapAgent
-------\Service_Windows Overlay Components
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-10 18:04 . 2008-04-10 18:26 0 --a------ C:\WINDOWS\system.ini
2008-04-10 17:33 . 2008-04-10 17:33 <DIR> d-------- C:\_OTMoveIt
2008-04-10 14:34 . 2008-04-10 14:34 11,776 --a------ C:\Resume.wps
2008-04-10 12:31 . 2008-04-10 12:31 <DIR> d-------- C:\Documents and Settings\Phoukham\Application Data\Template
2008-04-09 22:04 . 2008-04-09 22:04 <DIR> d-------- C:\d808d1b0862c2ba06d
2008-04-08 15:50 . 2008-04-08 15:50 512 --a------ C:\sek
2008-04-08 02:50 . 2008-04-10 18:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 02:50 . 2008-04-08 02:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 02:45 . 2008-04-08 02:45 <DIR> d-------- C:\Program Files\iPod
2008-04-08 02:39 . 2008-04-08 02:40 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 23:11 . 2008-04-04 23:11 <DIR> d-------- C:\Documents and Settings\Sam Supanhnapom\Application Data\Lavasoft
2008-03-31 20:02 . 2008-03-31 21:29 <DIR> d-------- C:\Documents and Settings\MOOGLE\.SunDownloadManager
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-25 18:27 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-25 18:27 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-25 18:27 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-25 18:27 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-25 18:27 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-25 18:27 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-25 18:27 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-25 18:03 . 2008-03-25 18:03 <DIR> d-------- C:\Autoruns
2008-03-25 16:49 . 2008-03-25 16:49 276,316 --a------ C:\Pass2.cmd
2008-03-24 22:08 . 2008-03-25 18:36 1,828 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-24 22:05 . 2008-03-24 22:09 <DIR> d-------- C:\Documents and Settings\MOOGLE\SmitfraudFix
2008-03-24 21:39 . 2008-03-24 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-03-24 21:39 . 2008-03-24 21:36 102,400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys
2008-03-24 21:39 . 2008-03-24 21:36 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2008-03-24 21:38 . 2008-03-24 21:37 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-03-20 23:56 . 2008-03-20 23:56 <DIR> d-------- C:\Documents and Settings\MOOGLE\Application Data\Uniblue
2008-03-20 16:12 . 2008-03-24 22:00 <DIR> d-------- C:\Program Files\Uniblue
2008-03-20 16:00 . 2008-03-24 21:39 <DIR> d-------- C:\Program Files\comodo
2008-03-20 15:43 . 2008-03-20 15:43 <DIR> d-------- C:\Program Files\Zamaan's Software
2008-03-20 15:43 . 1998-06-24 13:00 244,024 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-03-20 15:43 . 2000-05-22 17:00 203,976 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-03-20 15:43 . 2004-03-09 13:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-20 15:39 . 2008-03-20 15:39 <DIR> d-------- C:\Documents and Settings\MOOGLE\Application Data\WinPatrol
2008-03-20 15:37 . 2008-03-20 15:37 <DIR> d-------- C:\Program Files\BillP Studios
2008-03-20 15:36 . 2008-03-20 16:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 15:35 . 2008-03-20 15:35 <DIR> d-------- C:\Program Files\Windows Live
2008-03-20 15:35 . 2008-03-20 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-20 11:34 . 2007-10-27 23:46 2,400,784 --a------ C:\WLinstaller.exe
2008-03-16 14:20 . 2008-04-04 23:17 <DIR> d-------- C:\Documents and Settings\Sam Supanhnapom\Application Data\Apple Computer
2008-03-13 12:24 . 2008-03-13 12:24 <DIR> d-------- C:\Program Files\Clickincome Inc
2008-03-12 22:57 . 2008-03-25 15:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-12 22:54 . 2008-03-12 22:54 <DIR> d-------- C:\Program Files\KeePass Password Safe
2008-03-11 16:21 . 2008-03-11 16:21 <DIR> d-------- C:\Program Files\Bonjour
2008-03-10 17:33 . 2008-03-10 17:33 <DIR> d-------- C:\Program Files\Smart Projects
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 07:45 --------- d-----w C:\Program Files\iTunes
2008-04-08 06:16 --------- d-----w C:\Program Files\PeoplePC
2008-04-05 01:05 --------- d-----w C:\Program Files\CompuServe 7.0
2008-04-04 02:01 --------- d-----w C:\Program Files\YourSiteBar
2008-03-25 19:07 --------- d-----w C:\Program Files\ewido anti-malware
2008-03-25 18:36 --------- d-----w C:\Program Files\Lavasoft
2008-03-25 02:37 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-25 02:37 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-25 02:37 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
2008-03-22 06:05 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-20 20:43 13,312 --s-a-w C:\WINDOWS\system32\lvhjtsa.dll
2008-03-19 05:30 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 05:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-11 21:21 --------- d-----w C:\Program Files\MySpace
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 01:36 --------- d-----w C:\Program Files\PeoplePC Accelerate
2008-02-28 01:35 --------- d-----w C:\Documents and Settings\MOOGLE\Application Data\PeoplePC Online
2008-02-21 02:45 --------- d-----w C:\Program Files\AIM6
2008-02-21 02:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-21 02:40 --------- d-----w C:\Program Files\Viewpoint
2008-02-21 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-21 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-11 00:59 --------- d-----w C:\Documents and Settings\MOOGLE\Application Data\GetRight
2008-02-10 16:35 --------- d-----w C:\Documents and Settings\Sam Supanhnapom\Application Data\MSN6
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-02-01 23:11 582 ----a-w C:\Program Files\readme.txt
2007-02-01 23:02 313,344 ----a-w C:\Program Files\hjsplit.exe
2006-04-16 01:47 81 -c--a-w C:\Program Files\MDMaker2_en.xml_.md5
2006-04-15 23:10 81 -c--a-w C:\Program Files\MDMaker2_en.xml.md5
2006-04-15 23:10 217 -c--a-w C:\Program Files\MDMaker2_en.xml
2006-04-15 22:33 88 -c--a-w C:\Program Files\GayoList_MyDancer.xml.md5
2006-04-15 22:33 126 -c--a-w C:\Program Files\GayoList_MyDancer.xml
2005-07-21 08:02 280,064 ----a-w C:\Documents and Settings\MOOGLE\Application Data\tizhook.bin
2005-07-21 08:02 137,947 ----a-w C:\Documents and Settings\MOOGLE\Application Data\tizupd.bin
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-07-28 05:13 56 -csh--r C:\WINDOWS\system32\F036A267D9.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2005-07-28 05:13 5,852 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 14:41 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-09 18:20 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSFIE]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lao Keyboard Mapping.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lao Keyboard Mapping.lnk
backup=C:\WINDOWS\pss\Lao Keyboard Mapping.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLoader40pd1aKeOaPN]
C:\WINDOWS\system32\slecconf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
--a------ 2003-09-03 17:25 73728 C:\WINDOWS\system32\sstray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-03-04 09:29 782336 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Paltalk\\paltalk.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\aim\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\comodo\\Comodo AntiVirus\\CMain.exe"=
"C:\\Program Files\\AC3Filter\\ac3config.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14253:TCP"= 14253:TCP:*:Disabled:BitComet 14253 TCP
"14253:UDP"= 14253:UDP:*:Disabled:BitComet 14253 UDP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 23:23:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-05 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-10 20:15:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-04-10 01:45:43 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D6DF32E0-270D-4B30-B048-5BA11D674BAF}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-15 07:53:29 C:\WINDOWS\Tasks\Windows Media Player.job"
- C:\PROGRA~1\WINDOW~2\wmplayer.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-10 18:26:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-10 18:34:20
ComboFix-quarantined-files.txt 2008-04-10 23:33:49
Pre-Run: 35,298,697,216 bytes free
Post-Run: 35,277,099,008 bytes free
.
2008-04-10 20:10:37 --- E O F ---
Show Posts
