Computer slow -


eitan

1. Combofix log:
ComboFix 10-08-21.04 - GAL 08/22/2010 0:23.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.440 [GMT -4:00]
Running from: c:\program files\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GAL\Application Data\PriceGong
c:\documents and settings\GAL\Application Data\PriceGong\Data\1.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\a.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\b.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\c.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\d.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\e.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\f.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\g.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\h.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\i.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\J.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\k.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\l.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\m.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\n.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\o.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\p.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\q.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\r.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\s.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\t.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\u.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\v.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\w.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\x.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\y.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\z.xml
C:\install.exe
.
---- Previous Run -------
.
c:\docume~1\GAL\LOCALS~1\Temp\NewsFeed[21].dll
c:\documents and settings\GAL\Application Data\PriceGong\Data\1.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\a.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\b.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\c.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\d.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\e.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\f.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\g.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\h.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\i.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\J.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\k.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\l.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\m.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\n.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\o.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\p.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\q.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\r.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\s.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\t.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\u.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\v.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\w.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\x.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\y.xml
c:\documents and settings\GAL\Application Data\PriceGong\Data\z.xml
c:\documents and settings\GAL\Local Settings\Temp\NewsFeed[21].dll

.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 04:17 . 2010-08-22 04:18 3820648 ----a-r- c:\program files\ComboFix.exe
2010-08-18 15:19 . 2010-08-18 15:19 340456 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-18 15:19 . 2010-08-18 15:19 170512 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 15:19 . 2010-08-18 15:19 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 15:19 . 2010-08-18 15:19 340520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-17 15:00 . 2010-08-19 00:28 -------- d-----w- C:\HTC
2010-08-14 13:17 . 2010-08-14 13:17 192776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-11 02:53 . 2010-08-11 03:00 102135128 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-09 23:51 . 2010-08-09 23:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-09 23:31 . 2010-08-09 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\RegTask
2010-08-09 23:30 . 2010-08-09 23:51 -------- d-----w- c:\program files\RegTask
2010-08-09 23:20 . 2010-08-09 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic(2)
2010-08-09 23:20 . 2010-08-09 23:51 -------- d-----w- c:\program files\Common Files\ParetoLogic(2)
2010-08-09 22:42 . 2010-08-09 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-08-09 22:42 . 2010-08-09 22:42 -------- d-----w- c:\program files\ParetoLogic
2010-08-08 15:31 . 2010-08-08 15:31 -------- d-----w- c:\program files\CCleaner
2010-08-08 15:26 . 2010-08-08 15:26 -------- d-----w- c:\program files\Defraggler
2010-08-07 21:39 . 2010-08-07 21:39 10827096 ----a-w- c:\program files\BlackBerryMediaSync.exe
2010-08-06 13:05 . 2010-08-06 13:05 388096 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-06 13:04 . 2010-08-06 13:04 -------- d-----w- c:\program files\Trend Micro
2010-08-06 13:04 . 2010-08-06 13:04 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-08-04 11:40 . 2010-08-04 11:40 503808 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79298873-n\msvcp71.dll
2010-08-04 11:40 . 2010-08-04 11:40 499712 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79298873-n\jmc.dll
2010-08-04 11:40 . 2010-08-04 11:40 348160 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79298873-n\msvcr71.dll
2010-08-04 11:40 . 2010-08-04 11:40 61440 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-35418798-n\decora-sse.dll
2010-08-04 11:40 . 2010-08-04 11:40 12800 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-35418798-n\decora-d3d.dll
2010-08-04 01:38 . 2010-08-04 01:38 1821192 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-04 01:38 . 2010-08-04 01:38 400728 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-04 01:38 . 2010-08-04 01:38 2959376 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-04 01:38 . 2010-08-04 01:38 128472 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe
2010-08-03 20:04 . 2010-08-09 23:57 256 ----a-w- c:\documents and settings\GAL\pool.bin
2010-08-02 20:59 . 2010-08-02 21:00 -------- d-----w- c:\program files\RapidShareManager
2010-08-02 20:59 . 2010-08-02 20:59 3238968 ----a-w- c:\program files\RapidShareManager2WindowsSetup.exe
2010-08-01 13:31 . 2010-08-01 13:31 53248 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-31 23:10 . 2010-07-31 23:10 711168 ----a-w- c:\documents and settings\GAL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307hw-1007080-0-main.dll
2010-07-30 03:04 . 2010-07-30 03:04 2224872 ----a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
2010-07-30 03:03 . 2010-07-30 03:03 519960 ----a-w- c:\program files\Mats_Run.IEAddon.exe
2010-07-30 02:53 . 2010-07-30 02:53 -------- d-----w- c:\documents and settings\GAL\Application Data\ElevatedDiagnostics
2010-07-27 13:43 . 2010-07-27 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-24 12:03 . 2010-07-24 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 04:36 . 2010-05-10 23:04 -------- d-----w- c:\documents and settings\GAL\Application Data\Skype
2010-08-22 04:02 . 2010-05-10 23:05 -------- d-----w- c:\documents and settings\GAL\Application Data\skypePM
2010-08-20 04:31 . 2010-05-11 16:05 -------- d-----w- c:\program files\lx_cats
2010-08-18 23:52 . 2010-05-12 01:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-17 04:22 . 2010-06-29 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-12 15:10 . 2010-06-28 02:22 -------- d-----w- c:\documents and settings\GAL\Application Data\Research In Motion
2010-08-11 07:44 . 2009-04-15 14:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 03:14 . 2010-06-30 23:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 03:12 . 2010-06-28 00:44 -------- d-----w- c:\program files\Research In Motion
2010-08-11 03:12 . 2010-07-01 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-08 13:00 . 2010-06-28 02:23 256 ----a-w- c:\windows\system32\pool.bin
2010-08-03 16:02 . 2010-07-14 20:38 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-30 03:06 . 2009-04-15 14:05 -------- d-----w- c:\program files\Google
2010-07-30 00:04 . 2010-07-30 00:04 32173810 ----a-w- c:\documents and settings\All Users\SPL241.tmp
2010-07-29 15:05 . 2010-06-29 21:03 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 15:05 . 2010-06-29 21:03 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-22 18:31 . 2010-07-22 18:31 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2010-07-22 18:16 . 2010-05-12 04:16 -------- d-----w- c:\program files\trademanager
2010-07-21 22:59 . 2010-07-21 22:54 2605008 ----a-w- c:\documents and settings\GAL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-07-20 00:00 . 2010-07-20 00:00 -------- d-----w- c:\program files\TranslatorBar_1
2010-07-20 00:00 . 2010-07-20 00:00 -------- d-----w- c:\program files\Conduit
2010-07-14 20:40 . 2010-07-14 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-14 20:39 . 2010-07-14 20:30 -------- d-----w- c:\documents and settings\GAL\Application Data\Logitech
2010-07-14 20:39 . 2010-07-14 20:39 -------- d-----w- c:\documents and settings\GAL\Application Data\Leadertech
2010-07-14 20:39 . 2010-07-14 20:39 53248 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-14 20:39 . 2010-07-14 20:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-14 20:38 . 2010-07-14 20:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-14 20:34 . 2010-07-14 20:33 -------- d-----w- c:\program files\Logitech
2010-07-14 20:31 . 2010-07-14 20:30 -------- d-----w- c:\documents and settings\GAL\Application Data\Logishrd
2010-07-14 20:30 . 2010-07-14 20:30 23242528 ----a-w- c:\program files\setpoint610.exe
2010-07-09 02:46 . 2010-07-08 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\inFlow Inventory
2010-07-09 02:02 . 2010-05-10 23:35 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-09 01:58 . 2010-05-10 23:26 -------- d-----w- c:\program files\Microsoft.NET
2010-07-09 01:29 . 2010-07-09 01:29 32768 ----a-w- c:\documents and settings\GAL\.exe
2010-07-01 04:04 . 2010-07-01 04:04 -------- d-----w- c:\documents and settings\GAL\Application Data\Blackberry Desktop
2010-06-30 12:31 . 2009-04-15 05:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 21:31 . 2010-06-29 21:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-06-29 21:31 . 2010-06-29 21:31 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-29 21:31 . 2010-06-29 21:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-06-29 21:31 . 2010-06-29 21:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-06-29 20:57 . 2010-06-29 20:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-06-29 20:51 . 2009-04-15 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-29 20:48 . 2010-05-10 19:17 -------- d-----w- c:\program files\Symantec
2010-06-29 20:41 . 2010-06-29 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\DesktopMgr.exe
2010-06-24 12:22 . 2009-04-15 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-04-15 05:42 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-04-15 05:42 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-04-15 05:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-04-15 01:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-04-15 05:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 04:17 . 2010-05-10 19:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-12 04:17 . 2010-06-12 04:18 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{22249312-26C2-492E-B0B5-E73EFF2939D8}\PostBuild.exe
2010-06-10 21:00 . 2010-06-10 21:00 503808 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-191d0841-n\msvcp71.dll
2010-06-10 21:00 . 2010-06-10 21:00 499712 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-191d0841-n\jmc.dll
2010-06-10 21:00 . 2010-06-10 21:00 348160 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-191d0841-n\msvcr71.dll
2010-06-10 21:00 . 2010-06-10 21:00 61440 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35d2b6a0-n\decora-sse.dll
2010-06-10 21:00 . 2010-06-10 21:00 12800 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35d2b6a0-n\decora-d3d.dll
2010-06-10 20:59 . 2010-06-10 21:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-07 12:57 . 2010-06-07 12:57 76712 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 19:00 . 2010-06-01 19:00 3584 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-31 03:15 . 2010-05-10 19:06 92344 ----a-w- c:\documents and settings\GAL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 16:14 . 2010-05-13 23:44 298 ----a-w- c:\documents and settings\GAL\Application Data\wklnhst.dat
2010-05-14 02:30 . 2010-05-14 02:29 1364522 ----a-w- c:\program files\wrar393.exe
2010-05-13 22:57 . 2010-05-13 22:57 12894680 ----a-w- c:\program files\word2007-kb974631-fullfile-x86-glb.exe
2010-05-13 13:12 . 2010-05-13 13:12 5835264 ----a-w- c:\program files\MAXEN_eMule0.50a-Installer.exe
2010-05-12 04:15 . 2010-05-12 04:15 16777272 ----a-w- c:\program files\AliIM2010_TradeManager(6.18.30).exe
2010-05-12 01:28 . 2010-05-12 01:28 7886336 ----a-w- c:\program files\setup.msi
2010-05-11 23:45 . 2010-05-11 23:45 5520400 ----a-w- c:\program files\WindowsSearch-KB940157-XP-x86-enu.exe
2010-05-10 23:43 . 2010-05-10 23:43 12383736 ----a-w- c:\program files\picasa36-setup.exe
2010-05-10 23:02 . 2010-05-10 23:02 1704744 ----a-w- c:\program files\SkypeSetup.exe
2006-04-06 21:29 . 2010-05-11 15:15 3275752 ----a-w- c:\program files\Babylon50_Setup.exe
.
 
computer slow - continue combofix log

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
2010-06-03 22:24 2736736 ----a-w- c:\program files\TranslatorBar_1\tbTran.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-07 26211624]
"aliim"="c:\program files\trademanager\aliim.exe" [2010-06-13 210328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-20 18085888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-12 137752]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Babylon Client"="c:\program files\Babylon\Babylon.exe" [2005-12-01 2446376]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-19 202256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\GAL\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\scrubtmp\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\trademanager\\AliIM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\GAL\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [5/10/2010 3:09 PM 24576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/14/2010 4:35 PM 10448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2010 11:06 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/14/2009 10:09 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/15/2009 10:05 AM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 03:06]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 03:06]

2010-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1318987518-247674877-3292285946-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1318987518-247674877-3292285946-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]

2010-08-21 c:\windows\Tasks\User_Feed_Synchronization-{E8481327-BCEC-471F-9204-3B77420BF2E2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/63.26/uploader2.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-22 00:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\docume~1\GAL\LOCALS~1\Temp\RGI21B.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-08-22 00:40:02
ComboFix-quarantined-files.txt 2010-08-22 04:39

Pre-Run: 102,867,111,936 bytes free
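The ComboFix output above lists files in a fixed layout (`<created> . <modified> <size> <attrs> <path>`, with `--------` and a leading `d` for directories) and the "Other Deletions" / catchme blocks list bare paths. The following is an added triage helper written for this thread by the editor; it is not code from the original poster, from ComboFix or from Malwarebytes. It parses those two line shapes and applies a handful of heuristics that a responder would use to pick lines out of a long log for manual review: executables or DLLs under a Temp directory, executables sitting directly at a profile or drive root (such as `c:\documents and settings\GAL\.exe` above), files with the hidden attribute, and paths whose name matches a review list. The sample lines are copied from the log above. The review list and the heuristics themselves are assumptions of this example: PriceGong is the only name Malwarebytes actually flagged in this thread, and the other names are there because toolbars and "registry cleaner" products deserve a look, not because the page establishes them as malicious.

```python
"""Triage helper for ComboFix-style log lines (added example, not vendor code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "Files Created" / "Find3M" line layout seen in the log above:
#   <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>[a-zA-Z]:\\.+)$"
)
# "Other Deletions" and catchme lines: a bare path, optionally "<n> bytes".
BARE_PATH = re.compile(r"^(?P<path>[a-zA-Z]:\\\S.*?)(?:\s+\d+ bytes)?$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
# ASSUMED review list: names the editor wants a human to look at, not verdicts.
# Only PriceGong was flagged (as Adware.Agent) by Malwarebytes in this thread.
REVIEW_NAMES = ("pricegong", "ask.com", "conduit", "translatorbar",
                "regtask", "paretologic", "filecure")

PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$")
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$")
TEMP_DIR = re.compile(r"\\temp\\")


@dataclass
class Entry:
    path: str
    is_dir: bool = False
    hidden: bool = False
    size: Optional[int] = None
    created: Optional[str] = None
    modified: Optional[str] = None


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry; headers, separators and other text give None."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        attrs, size = m.group("attrs"), m.group("size")
        is_dir = attrs.startswith("d") or size.startswith("-")
        return Entry(path=m.group("path"), is_dir=is_dir, hidden="h" in attrs,
                     size=None if is_dir else int(size),
                     created=m.group("created"), modified=m.group("modified"))
    m = BARE_PATH.match(line)
    if m:
        return Entry(path=m.group("path"))
    return None


def flag(entry: Entry) -> List[str]:
    """Return the heuristic reasons (possibly none) for pulling this entry aside."""
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    is_exec = bool(dot) and ("." + ext) in EXEC_EXT
    reasons: List[str] = []
    if is_exec and TEMP_DIR.search(p):
        reasons.append("executable/DLL in a Temp directory")
    if is_exec and (PROFILE_ROOT.match(p) or DRIVE_ROOT.match(p)):
        reasons.append("executable at a profile or drive root")
    if is_exec and not stem:
        reasons.append("executable with an empty base name")
    if entry.hidden and not entry.is_dir:
        reasons.append("hidden attribute set")
    for n in REVIEW_NAMES:
        if n in p:
            reasons.append(f"matches review list: {n}")
            break
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run parse_line + flag over a whole log and keep only the flagged entries."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag(entry)
        if reasons:
            findings.append(Finding(entry.path, reasons))
    return findings


# Constructed sample: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2010-08-22 04:17 . 2010-08-22 04:18 3820648 ----a-r- c:\program files\ComboFix.exe
2010-08-09 23:30 . 2010-08-09 23:51 -------- d-----w- c:\program files\RegTask
2010-07-09 01:29 . 2010-07-09 01:29 32768 ----a-w- c:\documents and settings\GAL\.exe
2010-06-07 12:57 . 2010-06-07 12:57 76712 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-03 20:04 . 2010-08-09 23:57 256 ----a-w- c:\documents and settings\GAL\pool.bin
c:\docume~1\GAL\LOCALS~1\Temp\NewsFeed[21].dll
C:\install.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "->", "; ".join(f.reasons))
```

Every hit is a lead, not a verdict: the hidden-attribute rule fires on `mlfcache.dat` under `system32`, which has to be checked against the file's publisher and signature before anything is quarantined, and a directory name matching the review list says only that a human should decide whether that product belongs on the machine.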
 
computer slow - continue Mbam Log

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4460

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/22/2010 8:05:34 AM
mbam-log-2010-08-22 (08-05-34).txt

Scan type: Quick scan
Objects scanned: 133475
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\GAL\Application Data\PriceGong (Adware.Agent) -> Delete on reboot.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data (Adware.Agent) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.
 
Run both of those scans again, ComboFix and then Malwarebytes, post their logs and then post a HijackThis log.
 
Hi,
As you requested, the new logs:
1. MBAM log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4460

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/23/2010 9:15:50 PM
mbam-log-2010-08-23 (21-15-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 237566
Time elapsed: 1 hour(s), 9 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\GAL\Application Data\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\GAL\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.

2. ComboFix log:
ComboFix 10-08-23.02 - GAL 08/23/2010 21:47:54.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.447 [GMT -4:00]
Running from: c:\windows\Temp\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\xbfoyatf.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ghgjq


((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-22 04:53 . 2010-08-22 04:53 -------- d-----w- c:\documents and settings\GAL\Application Data\Malwarebytes
2010-08-22 04:53 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 04:53 . 2010-08-22 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 04:53 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 04:53 . 2010-08-22 04:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 04:17 . 2010-08-22 04:18 3820648 ----a-r- c:\program files\ComboFix.exe
2010-08-18 15:19 . 2010-08-18 15:19 340456 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-18 15:19 . 2010-08-18 15:19 170512 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 15:19 . 2010-08-18 15:19 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 15:19 . 2010-08-18 15:19 340520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-17 15:00 . 2010-08-19 00:28 -------- d-----w- C:\HTC
2010-08-14 13:17 . 2010-08-14 13:17 192776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-11 02:53 . 2010-08-11 03:00 102135128 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-09 23:51 . 2010-08-09 23:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-09 23:31 . 2010-08-09 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\RegTask
2010-08-09 23:30 . 2010-08-09 23:51 -------- d-----w- c:\program files\RegTask
2010-08-09 23:20 . 2010-08-09 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic(2)
2010-08-09 23:20 . 2010-08-09 23:51 -------- d-----w- c:\program files\Common Files\ParetoLogic(2)
2010-08-09 22:42 . 2010-08-09 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-08-09 22:42 . 2010-08-09 22:42 -------- d-----w- c:\program files\ParetoLogic
2010-08-08 15:31 . 2010-08-08 15:31 -------- d-----w- c:\program files\CCleaner
2010-08-08 15:26 . 2010-08-08 15:26 -------- d-----w- c:\program files\Defraggler
2010-08-07 21:39 . 2010-08-07 21:39 10827096 ----a-w- c:\program files\BlackBerryMediaSync.exe
2010-08-06 13:05 . 2010-08-06 13:05 388096 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-06 13:04 . 2010-08-06 13:04 -------- d-----w- c:\program files\Trend Micro
2010-08-06 13:04 . 2010-08-06 13:04 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-08-04 11:40 . 2010-08-04 11:40 503808 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79298873-n\msvcp71.dll
2010-08-04 11:40 . 2010-08-04 11:40 499712 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79298873-n\jmc.dll
2010-08-04 11:40 . 2010-08-04 11:40 348160 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79298873-n\msvcr71.dll
2010-08-04 11:40 . 2010-08-04 11:40 61440 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-35418798-n\decora-sse.dll
2010-08-04 11:40 . 2010-08-04 11:40 12800 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-35418798-n\decora-d3d.dll
2010-08-04 01:38 . 2010-08-04 01:38 1821192 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-04 01:38 . 2010-08-04 01:38 400728 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-04 01:38 . 2010-08-04 01:38 2959376 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-04 01:38 . 2010-08-04 01:38 128472 ----a-w- c:\documents and settings\GAL\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe
2010-08-03 20:04 . 2010-08-09 23:57 256 ----a-w- c:\documents and settings\GAL\pool.bin
2010-08-02 20:59 . 2010-08-02 21:00 -------- d-----w- c:\program files\RapidShareManager
2010-08-02 20:59 . 2010-08-02 20:59 3238968 ----a-w- c:\program files\RapidShareManager2WindowsSetup.exe
2010-08-01 13:31 . 2010-08-01 13:31 53248 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-31 23:10 . 2010-07-31 23:10 711168 ----a-w- c:\documents and settings\GAL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307hw-1007080-0-main.dll
2010-07-30 03:04 . 2010-07-30 03:04 2224872 ----a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
2010-07-30 03:03 . 2010-07-30 03:03 519960 ----a-w- c:\program files\Mats_Run.IEAddon.exe
2010-07-30 02:53 . 2010-07-30 02:53 -------- d-----w- c:\documents and settings\GAL\Application Data\ElevatedDiagnostics
2010-07-27 13:43 . 2010-07-27 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 02:05 . 2010-05-10 23:04 -------- d-----w- c:\documents and settings\GAL\Application Data\Skype
2010-08-24 02:04 . 2010-05-10 23:05 -------- d-----w- c:\documents and settings\GAL\Application Data\skypePM
2010-08-24 02:03 . 2010-05-11 16:05 -------- d-----w- c:\program files\lx_cats
2010-08-22 19:59 . 2010-06-29 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-18 23:52 . 2010-05-12 01:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-12 15:10 . 2010-06-28 02:22 -------- d-----w- c:\documents and settings\GAL\Application Data\Research In Motion
2010-08-11 07:44 . 2009-04-15 14:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 03:14 . 2010-06-30 23:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 03:12 . 2010-06-28 00:44 -------- d-----w- c:\program files\Research In Motion
2010-08-11 03:12 . 2010-07-01 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-08 13:00 . 2010-06-28 02:23 256 ----a-w- c:\windows\system32\pool.bin
2010-08-03 16:02 . 2010-07-14 20:38 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-30 03:06 . 2009-04-15 14:05 -------- d-----w- c:\program files\Google
2010-07-30 00:04 . 2010-07-30 00:04 32173810 ----a-w- c:\documents and settings\All Users\SPL241.tmp
2010-07-29 15:05 . 2010-06-29 21:03 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 15:05 . 2010-06-29 21:03 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-24 12:03 . 2010-07-24 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-22 18:31 . 2010-07-22 18:31 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2010-07-22 18:16 . 2010-05-12 04:16 -------- d-----w- c:\program files\trademanager
2010-07-21 22:59 . 2010-07-21 22:54 2605008 ----a-w- c:\documents and settings\GAL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-07-20 00:00 . 2010-07-20 00:00 -------- d-----w- c:\program files\TranslatorBar_1
2010-07-20 00:00 . 2010-07-20 00:00 -------- d-----w- c:\program files\Conduit
2010-07-14 20:40 . 2010-07-14 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-14 20:39 . 2010-07-14 20:30 -------- d-----w- c:\documents and settings\GAL\Application Data\Logitech
2010-07-14 20:39 . 2010-07-14 20:39 -------- d-----w- c:\documents and settings\GAL\Application Data\Leadertech
2010-07-14 20:39 . 2010-07-14 20:39 53248 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-14 20:39 . 2010-07-14 20:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-14 20:38 . 2010-07-14 20:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-14 20:34 . 2010-07-14 20:33 -------- d-----w- c:\program files\Logitech
2010-07-14 20:31 . 2010-07-14 20:30 -------- d-----w- c:\documents and settings\GAL\Application Data\Logishrd
2010-07-14 20:30 . 2010-07-14 20:30 23242528 ----a-w- c:\program files\setpoint610.exe
2010-07-09 02:46 . 2010-07-08 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\inFlow Inventory
2010-07-09 02:02 . 2010-05-10 23:35 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-09 01:58 . 2010-05-10 23:26 -------- d-----w- c:\program files\Microsoft.NET
2010-07-09 01:29 . 2010-07-09 01:29 32768 ----a-w- c:\documents and settings\GAL\.exe
2010-07-01 04:04 . 2010-07-01 04:04 -------- d-----w- c:\documents and settings\GAL\Application Data\Blackberry Desktop
2010-06-30 12:31 . 2009-04-15 05:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 21:31 . 2010-06-29 21:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-06-29 21:31 . 2010-06-29 21:31 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-29 21:31 . 2010-06-29 21:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspe
 
2010-06-29 21:31 . 2010-06-29 21:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-06-29 20:57 . 2010-06-29 20:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-06-29 20:51 . 2009-04-15 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-29 20:48 . 2010-05-10 19:17 -------- d-----w- c:\program files\Symantec
2010-06-29 20:41 . 2010-06-29 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-06-28 00:46 . 2010-06-28 00:46 69632 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\DesktopMgr.exe
2010-06-24 12:22 . 2009-04-15 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2009-04-15 05:42 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-04-15 05:42 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-04-15 05:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-04-15 01:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-04-15 05:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-12 04:17 . 2010-05-10 19:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-12 04:17 . 2010-06-12 04:18 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{22249312-26C2-492E-B0B5-E73EFF2939D8}\PostBuild.exe
2010-06-10 21:00 . 2010-06-10 21:00 503808 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-191d0841-n\msvcp71.dll
2010-06-10 21:00 . 2010-06-10 21:00 499712 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-191d0841-n\jmc.dll
2010-06-10 21:00 . 2010-06-10 21:00 348160 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-191d0841-n\msvcr71.dll
2010-06-10 21:00 . 2010-06-10 21:00 61440 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35d2b6a0-n\decora-sse.dll
2010-06-10 21:00 . 2010-06-10 21:00 12800 ----a-w- c:\documents and settings\GAL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35d2b6a0-n\decora-d3d.dll
2010-06-10 20:59 . 2010-06-10 21:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-07 12:57 . 2010-06-07 12:57 76712 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 19:00 . 2010-06-01 19:00 3584 ----a-r- c:\documents and settings\GAL\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-31 03:15 . 2010-05-10 19:06 92344 ----a-w- c:\documents and settings\GAL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 16:14 . 2010-05-13 23:44 298 ----a-w- c:\documents and settings\GAL\Application Data\wklnhst.dat
2010-05-14 02:30 . 2010-05-14 02:29 1364522 ----a-w- c:\program files\wrar393.exe
2010-05-13 22:57 . 2010-05-13 22:57 12894680 ----a-w- c:\program files\word2007-kb974631-fullfile-x86-glb.exe
2010-05-13 13:12 . 2010-05-13 13:12 5835264 ----a-w- c:\program files\MAXEN_eMule0.50a-Installer.exe
2010-05-12 04:15 . 2010-05-12 04:15 16777272 ----a-w- c:\program files\AliIM2010_TradeManager(6.18.30).exe
2010-05-12 01:28 . 2010-05-12 01:28 7886336 ----a-w- c:\program files\setup.msi
2010-05-11 23:45 . 2010-05-11 23:45 5520400 ----a-w- c:\program files\WindowsSearch-KB940157-XP-x86-enu.exe
2010-05-10 23:43 . 2010-05-10 23:43 12383736 ----a-w- c:\program files\picasa36-setup.exe
2010-05-10 23:02 . 2010-05-10 23:02 1704744 ----a-w- c:\program files\SkypeSetup.exe
2006-04-06 21:29 . 2010-05-11 15:15 3275752 ----a-w- c:\program files\Babylon50_Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
2010-06-03 22:24 2736736 ----a-w- c:\program files\TranslatorBar_1\tbTran.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "c:\program files\TranslatorBar_1\tbTran.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-07 26211624]
"aliim"="c:\program files\trademanager\aliim.exe" [2010-06-13 210328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-20 18085888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-12 137752]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Babylon Client"="c:\program files\Babylon\Babylon.exe" [2005-12-01 2446376]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-19 202256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\GAL\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\scrubtmp\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\trademanager\\AliIM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Cyberlink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\GAL\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [5/10/2010 3:09 PM 24576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/14/2010 4:35 PM 10448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2010 11:06 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/14/2009 10:09 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/15/2009 10:05 AM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 03:06]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 03:06]

2010-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1318987518-247674877-3292285946-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1318987518-247674877-3292285946-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{E8481327-BCEC-471F-9204-3B77420BF2E2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/63.26/uploader2.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-23 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-08-23 22:09:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-24 02:09
ComboFix2.txt 2010-08-22 04:40

Pre-Run: 105,230,143,488 bytes free
Post-Run: 105,256,132,608 bytes free

- - End Of File - - 71451502C1E265B573F4480A9B474BE8
 
Delete this directory: C:\Documents and Settings\GAL\Application Data\PriceGong

Run CCleaner and clean up, and make sure to check all options in CCleaner.

Make sure System Restore is disabled.

Reboot.

Then run the scans again and post the logs.
 