
It's me again Slow computer!

Postby dany » Tue May 12, 2009 12:03 pm

Hi Patric,

My computer is starting to get slow again; I mean, it is slow. Please see if something is wrong.
Thanks
Dany

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:11 AM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9706702234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9706677578
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9390 bytes
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am
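The HijackThis log above is read by hand in this thread; the following is an added example (not part of the thread, and not code from Trend Micro or the forum) of how a helper can pre-screen such a log mechanically. It splits the log into its R/O entries, counts them per section, and flags two things a reviewer always checks first: O2 BHO entries whose DLL is reported as "(no file)" (an orphaned registry entry, like the "(no name)" BHO above) and O4 Run entries whose command is a bare file name rather than a full path (like ALCXMNTR.EXE), which must be resolved on disk before the entry can be judged. The sample lines are a constructed subset of the log above; all function and regex names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the HijackThis log posted above, kept in its exact line format.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 body: "<hive>\..\Run[Once]: [<label>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>[^:\[]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    subject: str   # CLSID for a BHO, Run label for an autostart entry
    reason: str


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into (section, body) records; header and process list are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def section_counts(log_text: str) -> Counter:
    """Number of entries per section: a quick overview of how much there is to review."""
    return Counter(e["section"] for e in parse_entries(log_text))


def _executable(cmd: str) -> str:
    """First token of an O4 command line: the quoted path if quoted, else the first word."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Flag entries that need a second look; everything not flagged still has to be read by a human."""
    findings = []
    for e in parse_entries(log_text):
        section, body = e["section"], e["body"]
        if section == "O2":
            m = BHO_RE.match(body)
            if m and m.group("path") == "(no file)":
                findings.append(Finding(section, m.group("clsid"),
                                        "BHO registered but its DLL is missing (orphaned entry)"))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = _executable(m.group("cmd"))
                if "\\" not in exe:   # no directory: the log alone does not tell which file runs
                    findings.append(Finding(section, m.group("label"),
                                            "bare file name " + repr(exe) + "; resolve it on disk before judging"))
    return findings


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for f in triage(SAMPLE_LOG):
        print(f.section, f.subject, "-", f.reason)
```

Both checks are deliberately conservative: a bare file name is not evidence of anything by itself (ComboFix later resolves ALCXMNTR.EXE to c:\windows\ALCXMNTR.EXE in this very thread), so the script reports what still needs resolving rather than pronouncing a verdict.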

Re: It's me again Slow computer!

Postby patrik » Tue May 12, 2009 2:14 pm

Hello Dany.

HijackThis log looks ok.
If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.

Post back with combofix log.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

ComboFix Log

Postby dany » Tue May 12, 2009 3:46 pm

ComboFix 09-05-11.08 - Administrator 05/11/2009 11:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.98 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: eTrust EZ Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-03 00:03 . 2009-05-03 00:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-26 21:20 . 2009-04-26 21:20 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-21 22:19 . 2009-04-21 22:19 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-19 23:31 . 2009-04-19 23:31 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-19 23:28 . 2009-04-19 23:28 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-19 23:15 . 2009-04-19 23:15 -------- d-----w c:\windows\ie8updates
2009-04-19 23:08 . 2009-04-19 23:13 -------- dc-h--w c:\windows\ie8
2009-04-19 23:04 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-15 14:19 . 2009-04-15 14:19 -------- d-----w c:\program files\Common Files\Skype
2009-04-15 14:19 . 2009-04-15 14:19 -------- d-----r c:\program files\Skype
2009-04-14 05:47 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 05:47 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 03:42 . 2009-04-29 11:15 1613312 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-04-29 03:42 . 2009-04-29 11:15 72704 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-04-19 23:34 . 2009-04-20 01:13 116736 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-04-19 23:31 . 2009-04-20 01:13 1595392 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-04-08 00:51 . 2009-04-08 00:51 -------- d-----w c:\program files\Windows Defender
2009-04-08 00:25 . 2009-04-08 00:25 -------- d-----w c:\program files\Opera
2009-04-07 21:19 . 2009-04-07 21:43 174080 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-04-07 20:36 . 2009-04-07 21:43 1568768 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-04-02 17:28 . 2009-04-02 17:27 -------- d-----w c:\program files\QuickTime
2009-04-02 17:26 . 2009-04-02 17:26 -------- d-----w c:\program files\Apple Software Update
2009-04-02 16:46 . 2008-12-06 16:39 -------- d-----w c:\program files\Common Files\Adobe
2009-03-31 13:00 . 2008-12-06 15:29 -------- d-----w c:\program files\CCleaner
2009-03-26 20:01 . 2009-03-26 20:01 -------- d-----w c:\program files\Trend Micro
2009-03-25 02:36 . 2008-12-10 23:45 -------- d-----w c:\program files\Windows Live
2009-03-25 02:35 . 2009-03-25 02:35 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-23 23:45 . 2009-03-11 23:35 -------- d-----w c:\program files\Creative
2009-03-23 23:45 . 2008-12-06 14:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 17:31 . 2009-03-23 17:31 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-23 17:29 . 2009-03-23 17:29 -------- d-----w c:\program files\Microsoft
2009-03-23 17:28 . 2009-03-23 17:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-23 17:21 . 2009-03-23 17:21 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 02:20 . 2009-03-23 02:24 2838016 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-03-23 01:44 . 2009-03-23 02:23 1494016 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-03-23 00:44 . 2009-03-06 13:54 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-03-12 16:13 . 2009-03-12 17:43 1486336 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-03-11 23:44 . 2009-03-12 17:43 2826240 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-03-11 23:44 . 2009-03-11 11:50 528629 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-08 08:34 . 2007-04-15 21:23 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2007-04-15 21:24 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2007-04-15 21:24 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2007-04-15 21:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2007-04-15 21:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2007-04-15 21:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2007-04-15 21:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2007-04-15 21:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2007-04-15 21:24 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2007-04-15 21:24 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-03 23:56 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"KEMailKb"="c:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 401408]
"KPDrv4XP"="c:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 40960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Zone Labs Client"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" [2004-10-12 722192]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\drivers\HIDKbFlt.sys [12/11/2008 12:58 PM 23680]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [3/11/2009 8:00 PM 91830]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eb18d3e-c3a9-11dd-af6c-00402b453c53}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1958367476-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,b3,bb,8a,ad,c3,6a,4a,af,c8,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,b3,bb,8a,ad,c3,6a,4a,af,c8,41,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-05-11 11:41
ComboFix-quarantined-files.txt 2009-05-11 15:41

Pre-Run: 40,064,327,680 bytes free
Post-Run: 40,110,829,568 bytes free

174 --- E O F --- 2009-05-07 03:35
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am
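The "Reg Loading Points" section of the ComboFix log above is a REGEDIT4-style dump, and a few of its values describe the machine's protection posture rather than autostarts: AntiVirusOverride=1 and DisableMonitoring=1 under the Security Center keys, and EnableFirewall=0 for the Windows Firewall standard profile (expected here, since a third-party firewall is installed, but worth confirming every time). As an added example that is not part of the thread and not ComboFix's own code, the script below parses that dump into keys and values, decodes both numeric spellings ComboFix uses (`dword:00000001` and `0 (0x0)`), and reports the posture findings plus any autostart whose target ComboFix tagged with `[X]`, its marker for a file it could not locate. The sample is a constructed subset of the log above; the function names are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of the "Reg Loading Points" section of the ComboFix log above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
PLAIN_INT_RE = re.compile(r"^(?P<dec>\d+) \(0x[0-9a-fA-F]+\)$")


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Group the dump into {key: {value_name: raw_value}}; lines outside any [key] are ignored."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group("name")] = vm.group("raw")
    return keys


def as_int(raw: str) -> Optional[int]:
    """Decode the two numeric spellings seen in the log: 'dword:00000001' and '0 (0x0)'."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = PLAIN_INT_RE.match(raw)
    if m:
        return int(m.group("dec"))
    return None


def posture_findings(text: str) -> List[str]:
    """Protection-posture values and unresolved autostart targets, in the order they appear."""
    findings: List[str] = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        if k.endswith("\\security center") and as_int(values.get("AntiVirusOverride", "")) == 1:
            findings.append("Security Center antivirus monitoring is overridden (AntiVirusOverride=1)")
        if "\\security center\\monitoring\\" in k and as_int(values.get("DisableMonitoring", "")) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append("Security Center monitoring disabled for " + product + " (DisableMonitoring=1)")
        if k.endswith("\\firewallpolicy\\standardprofile") and as_int(values.get("EnableFirewall", "")) == 0:
            findings.append("Windows Firewall standard profile is off (EnableFirewall=0)")
        for name, raw in values.items():
            if raw.endswith("[X]"):   # ComboFix could not locate the target on disk
                target = raw[: -len(" [X]")].strip()
                findings.append(key + "\\" + name + ": target " + target + " not found on disk")
    return findings


if __name__ == "__main__":
    for line in posture_findings(SAMPLE_REG):
        print(line)
```

None of these findings is a malware verdict on its own: a firewall override like the one here is normal when ZoneAlarm is the active firewall. The point of the check is to make the posture explicit so that the helper confirms it is intentional, the same way patrik reviews these keys by eye.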

Re: It's me again Slow computer!

Postby patrik » Wed May 13, 2009 2:44 pm

Open notepad, copy/paste the text in the code box below into notepad:
Code:
RegLock:
[HKEY_USERS\S-1-5-21-1454471165-1958367476-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\S-1-5-21-1454471165-1958367476-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
[screenshot: the CFScript file being dragged onto ComboFix.exe]
When finished, it will produce a report for you. Save a log to your desktop.

Please scan your computer with Kaspersky Online Scanner.

Post back with a combofix log + Kaspersky online scan report.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Combofix log

Postby dany » Thu May 14, 2009 10:34 pm

Hi Patric, I did run the Kaspersky scan online, but it didn't show any reports or logs. It only says that it has no threats.
So here's the combofix log.
And my computer is still slow; sometimes it freezes up.
Thanks

ComboFix 09-05-11.08 - Administrator 05/12/2009 16:49.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.82 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
FW: eTrust EZ Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-03 00:03 . 2009-05-03 00:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-26 21:20 . 2009-04-26 21:20 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-21 22:19 . 2009-04-21 22:19 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-19 23:31 . 2009-04-19 23:31 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-19 23:28 . 2009-04-19 23:28 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-19 23:15 . 2009-04-19 23:15 -------- d-----w c:\windows\ie8updates
2009-04-19 23:08 . 2009-04-19 23:13 -------- dc-h--w c:\windows\ie8
2009-04-19 23:04 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-15 14:19 . 2009-04-15 14:19 -------- d-----w c:\program files\Common Files\Skype
2009-04-15 14:19 . 2009-04-15 14:19 -------- d-----r c:\program files\Skype
2009-04-14 05:47 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 05:47 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 03:42 . 2009-04-29 11:15 1613312 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-04-29 03:42 . 2009-04-29 11:15 72704 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-04-19 23:34 . 2009-04-20 01:13 116736 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-04-19 23:31 . 2009-04-20 01:13 1595392 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-04-08 00:51 . 2009-04-08 00:51 -------- d-----w c:\program files\Windows Defender
2009-04-08 00:25 . 2009-04-08 00:25 -------- d-----w c:\program files\Opera
2009-04-07 21:19 . 2009-04-07 21:43 174080 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-04-07 20:36 . 2009-04-07 21:43 1568768 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-04-02 17:28 . 2009-04-02 17:27 -------- d-----w c:\program files\QuickTime
2009-04-02 17:26 . 2009-04-02 17:26 -------- d-----w c:\program files\Apple Software Update
2009-04-02 16:46 . 2008-12-06 16:39 -------- d-----w c:\program files\Common Files\Adobe
2009-03-31 13:00 . 2008-12-06 15:29 -------- d-----w c:\program files\CCleaner
2009-03-26 20:01 . 2009-03-26 20:01 -------- d-----w c:\program files\Trend Micro
2009-03-25 02:36 . 2008-12-10 23:45 -------- d-----w c:\program files\Windows Live
2009-03-25 02:35 . 2009-03-25 02:35 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-23 23:45 . 2009-03-11 23:35 -------- d-----w c:\program files\Creative
2009-03-23 23:45 . 2008-12-06 14:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 17:31 . 2009-03-23 17:31 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-23 17:29 . 2009-03-23 17:29 -------- d-----w c:\program files\Microsoft
2009-03-23 17:28 . 2009-03-23 17:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-23 17:21 . 2009-03-23 17:21 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 02:20 . 2009-03-23 02:24 2838016 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-03-23 01:44 . 2009-03-23 02:23 1494016 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-03-23 00:44 . 2009-03-06 13:54 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-03-12 16:13 . 2009-03-12 17:43 1486336 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-03-11 23:44 . 2009-03-12 17:43 2826240 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-03-11 23:44 . 2009-03-11 11:50 528629 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-08 08:34 . 2007-04-15 21:23 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2007-04-15 21:24 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2007-04-15 21:24 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2007-04-15 21:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2007-04-15 21:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2007-04-15 21:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2007-04-15 21:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2007-04-15 21:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2007-04-15 21:24 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2007-04-15 21:24 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-03 23:56 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-11_15.36.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-06 15:54 . 2009-04-29 03:41 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-06 15:54 . 2009-04-29 03:41 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-06 15:54 . 2009-05-12 20:27 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-04-15 21:22 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"KEMailKb"="c:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 401408]
"KPDrv4XP"="c:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 40960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Zone Labs Client"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" [2004-10-12 722192]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\drivers\HIDKbFlt.sys [12/11/2008 12:58 PM 23680]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [3/11/2009 8:00 PM 91830]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eb18d3e-c3a9-11dd-af6c-00402b453c53}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 16:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1958367476-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,b3,bb,8a,ad,c3,6a,4a,af,c8,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,b3,bb,8a,ad,c3,6a,4a,af,c8,41,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-05-12 16:59
ComboFix-quarantined-files.txt 2009-05-12 20:58
ComboFix2.txt 2009-05-11 15:41

Pre-Run: 39,953,608,704 bytes free
Post-Run: 39,968,808,960 bytes free

204 --- E O F --- 2009-05-12 20:28
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am

Re: It's me again Slow computer!

Postby patrik » Sat May 16, 2009 3:02 am

Download GMER Antirootkit from here and unzip it to a folder that you create, such as C:\Gmer\.

Disconnect from the internet and disable all active protection so your security program drivers will not conflict with GMER's driver.
Double-click Gmer.exe to run the program.
When the program opens, click the ">>>" Tab
Click the "Rootkit/Malware" Tab.
Select all drives that are connected to your system to be scanned.
Click the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into a text file by clicking Edit -> Paste or pressing Ctrl + V.
Save the gmer scan log to your desktop.
Close Gmer.

Scan your computer with Kaspersky Online Scanner.

Post back with GMER log + Kaspersky online scanner report.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: It's me again Slow computer!

Postby dany » Wed May 20, 2009 3:37 pm

Hi Patric, I ran GMER and Kaspersky too, but to tell the truth my computer seems slow. I tried running Kaspersky three times because it froze in the middle. So here's only the GMER log, because there was nothing in Kaspersky.
thanks

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 15:46:50
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_ydBvpnxfhOaEbhV1TYxb 0 bytes

---- EOF - GMER 1.0.15 ----
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am

Re: Kaspersky report

Postby dany » Wed May 20, 2009 3:41 pm

Wednesday, May 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 14, 2009 17:37:21
Records in database: 2176884

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 38700
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 03:48:31

No malware has been detected. The scan area is clean.
The selected area was scanned.
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am

Re: It's me again Slow computer!

Postby patrik » Thu May 21, 2009 2:09 am

All logs look good.

My computer is starting to get slow again, I mean, he is slow, please see if something is wrong.

When did you first notice it?
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: It's me again Slow computer!

Postby dany » Thu May 21, 2009 12:06 pm

I don't exactly remember, but when I wrote that it was before I downloaded all these programs that you asked me to. After I started to scan with Kaspersky it got worse, and so on after GMER. I don't know for sure, but maybe it's because my computer doesn't have much memory to support all these programs. But then again, who am I to say that.

Thanks again
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am

Re: It's me again Slow computer!

Postby patrik » Fri May 22, 2009 1:14 pm

Uninstall all unused programs.

Uninstall ComboFix. Click Start > Run, type ComboFix /u and press Enter.

Defragment your disk drive volumes.
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm

Re: It's me again Slow computer!

Postby dany » Fri May 29, 2009 12:51 am

Well I did everything, it got a little better but still slow. What do you think it is?
Thanks
dany
 
Posts: 54
Joined: Fri Mar 06, 2009 5:27 am

Re: It's me again Slow computer!

Postby patrik » Sat May 30, 2009 11:41 am

Uninstall all unused programs.
Download RSIT by random/random from here and save it to your desktop.
* Double click on RSIT.exe to run RSIT.
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open.

Post back with both RSIT logs. Post each log in a separate post.
patrik
Site Admin
 
Posts: 7045
Joined: Sun Jan 08, 2006 1:11 pm