Thanks again, I can say that my system is performing much faster than before.
Here are the logs:
ComboFix 08-03-27.2 - Derek 2008-03-31 21:06:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1627 [GMT -6:00]
Running from: C:\Documents and Settings\Derek\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Derek\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe
C:\Documents and Settings\Derek\Local Settings\Temp\Av-test.txt
C:\Documents and Settings\Derek\Local Settings\Temp\RCX4.tmp
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-202636-925-source.html
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Derek\Desktop\Derek's Stuff\New Downloaded\setup.exe
C:\Documents and Settings\Derek\Local Settings\Temp\Av-test.txt
C:\Documents and Settings\Derek\Local Settings\Temp\RCX4.tmp
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-202636-925-source.html
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\asxdaqrb.ini
C:\WINDOWS\system32\btsebbsb.ini
C:\WINDOWS\system32\byysmdyc.ini
C:\WINDOWS\system32\ceayejlx.dll
C:\WINDOWS\system32\gdfuhmju.exe
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.exe
C:\WINDOWS\system32\grojhueo.ini
C:\WINDOWS\system32\ikhcore.cfg
C:\WINDOWS\system32\iswujybt.ini
C:\WINDOWS\system32\mbjpbytn.ini
C:\WINDOWS\system32\mkgcdmog.ini
C:\WINDOWS\system32\ogqyfako.dll
C:\WINDOWS\system32\okafyqgo.ini
C:\WINDOWS\system32\oyilybew.ini
C:\WINDOWS\system32\ppnst.dll
C:\WINDOWS\system32\qwphsrnx.ini
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX1E.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\tehqgyey.ini
C:\WINDOWS\system32\tmjgkjce.ini
C:\WINDOWS\system32\ujdanjwu.ini
C:\WINDOWS\system32\urpejwlu.ini
C:\WINDOWS\system32\vnjewtkx.ini
C:\WINDOWS\system32\vswifcts.ini
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\wrvoqifa.ini
C:\WINDOWS\system32\ymuhuxvq.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-03-29 17:47 . 2008-03-29 17:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 17:47 . 2008-03-29 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 13:42 . 2008-03-29 13:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-29 13:42 . 2008-03-29 13:42 <DIR> d-------- C:\Documents and Settings\Derek\Application Data\Malwarebytes
2008-03-29 13:42 . 2008-03-29 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-28 23:15 . 2008-03-29 13:21 0 --ah----- C:\BIT6.tmp
2008-03-27 18:40 . 2008-03-29 13:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-27 18:40 . 2008-03-27 18:40 <DIR> d-------- C:\Documents and Settings\Derek\Application Data\PC Tools
2008-03-27 18:40 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-27 18:40 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-27 18:40 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-27 18:40 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-27 16:48 . 2008-03-27 16:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-27 16:46 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-27 16:46 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-27 16:46 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-27 16:46 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-27 16:46 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-25 16:25 . 2008-03-25 16:25 <DIR> d-------- C:\Logs
2008-03-23 17:59 . 2008-03-23 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-20 19:46 . 2008-03-27 07:15 920 --a------ C:\WINDOWS\wininit.ini
2008-03-20 19:30 . 2008-03-29 13:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 19:30 . 2008-03-27 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 13:35 . 2008-03-28 23:02 0 --ah----- C:\BIT126.tmp
2008-03-12 12:33 . 2008-03-12 12:33 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 03:06 --------- d-----w C:\Program Files\iTunes
2008-03-29 19:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 19:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 19:29 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-03-29 19:29 --------- d-----w C:\Program Files\Curse
2008-03-28 02:44 158,208 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig.exe
2008-03-27 06:34 --------- d-----w C:\Program Files\Winamp
2008-03-25 21:56 --------- d-----w C:\Program Files\World of Warcraft
2008-03-21 00:47 --------- d-----w C:\Documents and Settings\Derek\Application Data\LimeWire
2008-02-25 03:37 --------- d-----w C:\Documents and Settings\Derek\Application Data\GetRightToGo
2008-02-25 03:17 --------- d-----w C:\Documents and Settings\Derek\Application Data\Turbine
2008-02-25 02:51 --------- d-----w C:\Program Files\Turbine
2008-02-13 04:24 --------- d-----w C:\Documents and Settings\Derek\Application Data\IGN_DLM
2008-02-08 17:47 --------- d-----w C:\Program Files\Google
2008-02-02 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 04:52 --------- d-----w C:\Program Files\Sony
2007-12-18 17:08 4,346,084 ----a-w C:\Documents and Settings\Derek\WoW-2.3.0.7561-to-0.3.2.7627-enUS-patch.exe
2007-08-30 01:06 17,528 ----a-w C:\Documents and Settings\Derek\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-03-29_13.37.34.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Derek^Start Menu^Programs^Startup^Spruce - Auto Update.lnk]
path=C:\Documents and Settings\Derek\Start Menu\Programs\Startup\Spruce - Auto Update.lnk
backup=C:\WINDOWS\pss\Spruce - Auto Update.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Derek^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Derek\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 02:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-03-13 09:51 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bssa]
C:\WINDOWS\system32\ECURIT~1\notepad.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2007-12-25 20:04 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2008-03-25 18:02 477696 C:\Program Files\Curse\CurseClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-03-13 09:51 1103480 C:\Program Files\FilePlanet\Download Manager\dlm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-03-28 23:44 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2008-03-20 21:08 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--a------ 2008-03-27 17:44 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 16:54 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
[HKLM\~\Services\\mlnet.exe"=]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 02:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 21:09:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-31 21:12:04 - machine was rebooted [Derek]
ComboFix-quarantined-files.txt 2008-04-01 03:12:02
ComboFix2.txt 2008-03-29 05:12:10
ComboFix3.txt 2007-12-26 02:49:34
Pre-Run: 63,648,145,408 bytes free
Post-Run: 63,633,424,384 bytes free
And:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:40 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Removal.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6657940390
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 2671 bytes