So I will re-post my problem and the DDS logs below.
My problem is that my computer became very slow a couple of weeks ago. I tried to scan it with NOD32 and was informed that my computer was attacked by the spy.Zbot.ZR trojan. It stated that Operating memory was attacked and the trojan could not be cleaned. NOD32 also found a couple of other trojans but was able to clean them from the computer. I have run the computer through Malwarebytes' Anti-Malware and it found some other threats and cleaned them from the system, too.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by KYTANG at 13:19:56 on 2011-11-02
Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.255.46 [GMT 8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Green Software\工作列管理大師-Visual Tooltip v2.2 繁體綠化版\VisualToolTip.exe
C:\Program Files\Green Software\讓XP擁有比Vista更炫的3D視窗特效-WinFlip v0.50 繁體綠色版\WinFlip.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Green Software\記憶體優化軟體-FreeRAM XP Pro v1.40 中文免安裝版\FreeRAM XP Pro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hk.yahoo.com/
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\green software\讓檔案總管變的更漂剋-styler v1.401 繁體綠色版\tb\StylerTB.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\green software\邕憶體優化軟體-freeram xp pro v1.40 中文吻安裝版\FreeRAM XP Pro.exe" -win
uRun: [{DFEFB883-ED91-7502-F445-755269A46367}] "c:\documents and settings\kytang\application data\idomfi\evnaabi.exe"
mRun: [Visual Tooltip] c:\program files\green software\工作圭管理大師-visual tooltip v2.2 繁體綠化版\VisualToolTip.exe
mRun: [WinFlip] c:\program files\green software\讓xp擁有比vista更炫的3d視窗盎效-winflip v0.50 繁體綠色版\WinFlip.exe
mRun: [DriveSpace] c:\program files\drive space indicator\DrvSpace.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msdrm] msdrm.exe
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\netlimiter\nl_lsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0120334984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D3B04869-4614-4514-963B-B82D4FF63BC1} : NameServer = 203.198.23.208,218.102.32.208
Notify: WBSrv - c:\program files\green software\windowblinds\WBSrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
============= SERVICES / DRIVERS ===============
.
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2008-8-31 27648]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2008-8-31 7680]
R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [2008-8-31 27648]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [2008-8-31 33408]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-8-31 45056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-31 17920]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-1 22216]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [2008-8-31 9809]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-1-21 166720]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-8-6 63536]
.
=============== Created Last 30 ================
.
2011-11-01 09:44:12 -------- d-----w- c:\documents and settings\kytang\application data\Malwarebytes
2011-11-01 09:43:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-01 09:43:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 09:43:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Omig
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Muuto
2011-10-27 09:03:03 -------- d-----w- c:\documents and settings\kytang\application data\Naly
2011-10-27 09:03:03 -------- d-----w- c:\documents and settings\kytang\application data\Enz
2011-10-27 02:23:21 -------- d-----w- c:\documents and settings\kytang\application data\Mure
2011-10-27 02:23:21 -------- d-----w- c:\documents and settings\kytang\application data\Dageku
2011-10-26 09:33:20 -------- d-----w- c:\documents and settings\kytang\application data\Okabomp
2011-10-26 09:33:20 -------- d-----w- c:\documents and settings\kytang\application data\Bie
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Idomfi
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Cie
.
==================== Find3M ====================
.
.
============= FINISH: 13:21:22.81 ==============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2011/1/21 下午 04:36:26
System Uptime: 2011/11/2 下午 12:44:15 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | A8N-E
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1944/216mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 14 GiB total, 7.655 GiB free.
E: is FIXED (NTFS) - 38 GiB total, 38.218 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2011/1/21 下午 04:36:35 - 系統檢查點
.
==== Installed Programs ======================
.
Adobe Flash Player ActiveX
Adobe Reader X - Chinese Traditional
Alky for Applications (Windows XP)
ClearType Tuning Control Panel Applet
Drive Space Indicator
ESET Smart Security
HashTab 2.1.0
hkSFV (remove only)
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHT
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CHT
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Language Pack - cht
Microsoft .NET Framework 3.5 語言套件 - 繁體中文
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 中文繁簡轉換
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Software Update for Web Folders (Chinese (Traditional)) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Application Compatibility Database
Motion Clock
Motion Clock Circle
MSXML 6.0 Parser
NetLimiter 1.30 (remove only)
NVIDIA Drivers
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX 系統軟體 9.10.0514
NVIDIA 控制面板 266.58
NVIDIA 圖形驅動程式 266.58
piaip AppLocale
Realtek AC'97 Audio
Ulead COOL 360 1.0
Ulead Photo Explorer 8.6
Ulead PhotoImpact 12
Unicode-At-on (BIG5 Extension) 2.50
Unlocker 1.8.7
Vista Icon Pack v3 System Patch
Vista Sound Package
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 7 安全性更新 (KB938127-v2)
Windows Internet Explorer 7 安全性更新 (KB950759)
Windows Internet Explorer 7 安全性更新 (KB953838)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media 編碼器 9 系列
Windows Sidebar
Windows Sidebar Styler
Windows XP 安全性更新 (KB951376-v2)
Windows XP 更新 (KB951072-v2)
WinRAR 壓縮工具
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================
Thanks in advance for your help to save my computer.