Can somebody help to check why my server was very slow ??
Below here the hijackthis log... ~~!!

================================================== ===

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:08 AM, on 5/11/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\ISVW\UI\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\Trend Micro\ISVW\Web\FTP\isftpd.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\isntsysmonitor.exe
C:\Program Files\Trend Micro\ISVW\Web\HTTP\iwsshttpmain.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\isntsmtp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\scheduler.exe
C:\WINDOWS\system32\wmiprvse.exe
C:\WINDOWS\System32\snmp.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmproxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = *.*.*.*:*
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1229579345093
O17 - HKLM\System\CCS\Services\Tcpip\..\{032E7E77-44F4-4EAD-A74C-FCFFC64811DE}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{032E7E77-44F4-4EAD-A74C-FCFFC64811DE}: NameServer =
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O23 - Service: Apache2 - Unknown owner - c:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\Apache.exe (file missing)
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Shell Hardware Dectection Service (HWDect) - Unknown owner - C:\WINDOWS\system32\inetsrv\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterScan VirusWall Management Console - Alexandria Software Consulting - C:\Program Files\Trend Micro\ISVW\UI\Tomcat 4.1\bin\tomcat.exe
O23 - Service: InterScan VirusWall for FTP (ISFTPD) - Trend Micro, Inc. - C:\Program Files\Trend Micro\ISVW\Web\FTP\isftpd.exe
O23 - Service: InterScan VirusWall System Monitor (ISNTSysMonitor) - Trend Micro Inc. - C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\ISNTSysMonitor.exe
O23 - Service: InterScan VirusWall for HTTP (ISVWHTTP) - Trend Micro Inc. - C:\Program Files\Trend Micro\ISVW\Web\HTTP\IWSSHTTPMain.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - c:\winnt\system32\mscdt.exe (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\system32\urdvxc.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Routing and Remote Access (RemoteAccess) - Unknown owner - C:\WINDOWS\system32\83081\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\regsvr.exe
O23 - Service: Protected Storage Manager (rspp) - Unknown owner - cmd /c start C:\WINDOWS\system32\wmiprvse.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

--
End of file - 9649 bytes
================================================== ===

There is some infection present...

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies may be omitted from the log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: GMER - Rootkit Detector and Remover - Files, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.14972
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4.
Post fresh HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

thanks broni advise....

Below here the log from SuperAntiSpyware

================================================== =====

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 05/14/2009 at 12:56 PM

Application Version : 4.26.1002

Core Rules Database Version : 3892
Trace Rules Database Version: 1840

Scan type : Complete Scan
Total Scan Time : 00:18:36

Memory items scanned : 216
Memory threats detected : 0
Registry items scanned : 3837
Registry threats detected : 12
File items scanned : 12588
File threats detected : 34

Trojan.Downloader-SVCHost/Fake
HKLM\System\ControlSet001\Services\HWDect
C:\WINDOWS\SYSTEM32\INETSRV\SVCHOST.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_HWDect
HKLM\System\ControlSet003\Services\HWDect
HKLM\System\ControlSet003\Enum\Root\LEGACY_HWDect
HKLM\System\CurrentControlSet\Services\HWDect
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HWD ect

Trojan.Unclassified/RegSVR-Fake
HKLM\System\ControlSet001\Services\RemoteRegistry
C:\WINDOWS\SYSTEM32\REGSVR.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_RemoteR egistry
HKLM\System\ControlSet003\Services\RemoteRegistry
HKLM\System\ControlSet003\Enum\Root\LEGACY_RemoteR egistry
HKLM\System\CurrentControlSet\Services\RemoteRegis try
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Rem oteRegistry

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media 6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats e.webtrendslive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnpo rtal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@micro softwindows.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.se rving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@inter click[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servi ng-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@micro softinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yi eldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtec h[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@forum s.msexchange[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overt ure[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media plex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\sql\Cookies\sql@ad.abr.tbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@ad.rich1.adbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@ad.600.tbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@ad.tbn[2].txt
C:\Documents and Settings\sql\Cookies\sql@ad.top1.adbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@ad.agava.tbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@ad.popup.tbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@ad.text.tbn[1].txt
C:\Documents and Settings\sql\Cookies\sql@engine.adnet[2].txt
C:\Documents and Settings\sql\Cookies\sql@hotlog[1].txt
C:\Documents and Settings\sql\Cookies\sql@tns-counter[1].txt
C:\Documents and Settings\sql\Cookies\sql@webfile[2].txt
C:\Documents and Settings\sql\Cookies\sql@yadro[1].txt

Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\SQL\MY DOCUMENTS\PROXYHUNTER\SVCHOST.EXE
================================================== =====

mbam-log :

================================================== ==============

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.2.3790 Service Pack 2

5/14/2009 1:30:14 PM
mbam-log-2009-05-14 (13-30-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111005
Time elapsed: 23 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.


================================================== ==============

Gmer LOG :

================================================== ==============

GMER 1.0.15.14972 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-14 13:39:59
Windows 5.2.3790 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 88A50FA0 ZwCreateKey
SSDT 88A504A0 ZwCreateProcess
SSDT 88A50760 ZwCreateProcessEx
SSDT 88A51C60 ZwCreateSection
SSDT 88A52140 ZwCreateThread
SSDT 88A51520 ZwDeleteKey
SSDT 88A517E0 ZwDeleteValueKey
SSDT 88A522E0 ZwLoadDriver
SSDT 88A50A20 ZwOpenProcess
SSDT 88A51E00 ZwOpenSection
SSDT 88A51260 ZwSetValueKey
SSDT 88A50CE0 ZwTerminateProcess
SSDT 88A51FA0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeQuerySystemTime + D9 8083E675 3 Bytes [0F, A5, 88]
.text ntoskrnl.exe!KeQuerySystemTime + F0 8083E68C 8 Bytes [A0, 04, A5, 88, 60, 07, A5, ...]
.text ntoskrnl.exe!KeQuerySystemTime + FC 8083E698 4 Bytes [60, 1C, A5, 88]
.text ntoskrnl.exe!KeQuerySystemTime + 108 8083E6A4 4 Bytes [40, 21, A5, 88]
.text ntoskrnl.exe!KeQuerySystemTime + 134 8083E6D0 4 Bytes [20, 15, A5, 88]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44FAD, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\Explorer.EXE section is executable [0x01100000, 0x38E5, 0xE2000060]
.text C:\WINDOWS\Explorer.EXE[3716] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44FAD, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[3716] C:\WINDOWS\Explorer.EXE section is executable [0x01100000, 0x38E5, 0xE2000060]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1

---- EOF - GMER 1.0.15 ----

================================================== ==============

Please advise for above scann log ~~!!!

Thanks !!

I need fresh HJT log.

HijackThis log :

================================================== ============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:10 PM, on 5/14/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\ISVW\UI\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\Trend Micro\ISVW\Web\FTP\isftpd.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\isntsysmonitor.exe
C:\Program Files\Trend Micro\ISVW\Web\HTTP\iwsshttpmain.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\isntsmtp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\wmiprvse.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\scheduler.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINDOWS\system32\sysdown.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmproxy.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 192.168.1.4:8090
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1229579345093
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O23 - Service: Apache2 - Unknown owner - c:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\Apache.exe (file missing)
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterScan VirusWall Management Console - Alexandria Software Consulting - C:\Program Files\Trend Micro\ISVW\UI\Tomcat 4.1\bin\tomcat.exe
O23 - Service: InterScan VirusWall for FTP (ISFTPD) - Trend Micro, Inc. - C:\Program Files\Trend Micro\ISVW\Web\FTP\isftpd.exe
O23 - Service: InterScan VirusWall System Monitor (ISNTSysMonitor) - Trend Micro Inc. - C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\ISNTSysMonitor.exe
O23 - Service: InterScan VirusWall for HTTP (ISVWHTTP) - Trend Micro Inc. - C:\Program Files\Trend Micro\ISVW\Web\HTTP\IWSSHTTPMain.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - c:\winnt\system32\mscdt.exe (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\system32\urdvxc.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Routing and Remote Access (RemoteAccess) - Unknown owner - C:\WINDOWS\system32\83081\svchost.exe (file missing)
O23 - Service: Protected Storage Manager (rspp) - Unknown owner - cmd /c start C:\WINDOWS\system32\wmiprvse.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

--
End of file - 9458 bytes


================================================== ============

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**