ComboFix 11-06-13.01 - Baran 06/13/2011 23:39:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.586 [GMT 2:00]
Running from: c:\documents and settings\Baran\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Baran\Application Data\PriceGong
c:\documents and settings\Baran\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Baran\Application Data\PriceGong\Data\z.xml
C:\install.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 21:38 . 2011-06-13 21:38 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-13 21:38 . 2011-06-13 21:37 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-13 21:38 . 2011-06-13 21:37 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-13 21:38 . 2011-06-13 21:37 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-13 21:38 . 2011-06-13 21:37 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-13 21:38 . 2011-06-13 21:37 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-13 21:38 . 2011-06-13 21:37 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-06-13 21:38 . 2011-06-13 21:37 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-13 21:38 . 2011-06-13 21:37 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-13 21:37 . 2011-06-13 21:38 -------- d-----w- c:\program files\Common Files\McAfee
2011-06-08 21:34 . 2011-06-08 21:34 -------- d-----w- c:\program files\NAPI-PROJEKT
2011-06-06 13:01 . 2011-06-06 13:01 729600 ----a-w- c:\windows\GPInstall.exe
2011-06-05 17:53 . 2011-06-05 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2011-06-05 17:30 . 2011-06-05 20:37 50318 ----a-w- c:\windows\system32\brqxitvvtb.exe
2011-06-05 16:09 . 2011-06-05 19:21 -------- d-----w- c:\windows\SxsCaPendDel
2011-05-24 12:22 . 2011-05-24 12:22 -------- d-----w- c:\documents and settings\Baran\Application Data\Eclipse
2011-05-24 12:22 . 2011-05-24 12:22 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\javasharedresources
2011-05-23 13:29 . 2011-05-24 21:25 -------- d-----w- c:\documents and settings\Baran\.spss
2011-05-23 12:30 . 2011-05-23 12:30 272896 ----a-w- c:\windows\system32\gkaiflzlaffwfq.dll
2011-05-21 01:29 . 2011-06-05 17:20 -------- d-----w- c:\program files\Common Files\SPSS
2011-05-21 00:39 . 2011-05-21 00:39 -------- d-----w- c:\program files\Xenocode
2011-05-21 00:10 . 2011-05-21 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-05-20 22:20 . 2011-05-20 22:20 -------- d-----w- c:\program files\CCleaner
2011-05-20 13:37 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-20 11:39 . 2011-05-20 11:39 -------- d-----w- c:\program files\Common Files\IBM
2011-05-20 11:37 . 2011-05-20 11:37 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-05-18 14:12 . 2011-06-10 10:52 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\Google
2011-05-18 08:52 . 2011-05-18 08:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2011-05-17 22:39 . 2011-05-17 22:39 1024 ----a-w- c:\windows\system32\grcauth2.dll
2011-05-17 22:39 . 2011-05-17 22:39 1024 ----a-w- c:\windows\system32\grcauth1.dll
2011-05-17 22:39 . 2011-05-17 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
2011-05-17 22:12 . 2011-05-17 22:13 -------- d--h--w- c:\program files\Zero G Registry
2011-05-17 22:02 . 2011-05-17 22:02 -------- d-----w- c:\program files\IBM
2011-05-17 22:01 . 2011-05-17 22:01 -------- d--h--w- c:\documents and settings\Baran\InstallAnywhere
2011-05-17 21:13 . 2011-06-12 07:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2011-05-17 14:23 . 2011-05-17 14:28 -------- d-----w- c:\documents and settings\Baran\Application Data\Nitro PDF
2011-05-17 14:20 . 2011-01-14 11:35 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-05-17 14:20 . 2011-01-14 11:35 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-05-17 14:20 . 2011-05-17 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2011-05-17 14:20 . 2011-05-17 14:20 -------- d-----w- c:\program files\Nitro PDF
2011-05-17 14:20 . 2011-05-17 14:20 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-05-17 14:18 . 2011-05-17 15:35 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\OpenCandy
2011-05-17 14:17 . 2011-05-17 14:17 -------- d-----w- c:\documents and settings\Baran\Application Data\maComfort
2011-05-17 14:17 . 2011-05-17 14:18 -------- d-----w- c:\program files\maComfort
2011-05-17 14:17 . 2011-05-17 14:17 -------- d-----w- c:\documents and settings\Baran\Application Data\OpenCandy
2011-05-17 13:30 . 2011-05-17 13:30 -------- d-----w- c:\windows\Sun
2011-05-17 13:05 . 2011-05-17 13:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-17 08:57 . 2011-06-10 20:44 -------- d-----w- c:\documents and settings\Baran\Application Data\Azuon
2011-05-17 08:05 . 2011-05-17 08:05 -------- d-----w- c:\program files\Azuon
2011-05-16 22:12 . 2011-06-04 22:03 -------- d-----w- c:\documents and settings\Baran\Application Data\skypePM
2011-05-16 22:12 . 2011-06-04 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-16 22:08 . 2011-06-05 09:02 -------- d-----w- c:\documents and settings\Baran\Application Data\Skype
2011-05-16 22:06 . 2011-05-16 22:06 -------- d-----w- c:\program files\Common Files\Skype
2011-05-16 22:06 . 2011-05-16 22:06 -------- d-----r- c:\program files\Skype
2011-05-16 22:06 . 2011-05-16 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-05-16 15:48 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-05-16 15:47 . 2011-05-16 15:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-05-16 15:45 . 2011-05-31 19:12 -------- d-----w- c:\documents and settings\Baran\Application Data\BESTplayer
2011-05-16 12:24 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-05-16 12:24 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-05-16 12:21 . 2011-05-16 12:21 -------- d-----w- c:\program files\Microsoft.NET
2011-05-16 12:16 . 2011-05-16 12:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-05-16 11:16 . 2011-05-16 11:16 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\Microsoft Help
2011-05-16 11:16 . 2011-06-06 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-05-15 23:53 . 2011-06-13 21:31 -------- d-----w- c:\documents and settings\Baran\Application Data\Dropbox
2011-05-15 23:52 . 2011-05-15 23:52 -------- d-----w- c:\documents and settings\Baran\Application Data\PSpad
2011-05-15 23:51 . 2011-05-15 23:52 -------- d-----w- c:\program files\PSPad editor
2011-05-15 23:46 . 2011-05-15 23:46 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\VirtualStore
2011-05-15 23:46 . 2011-05-16 13:48 -------- d-----w- c:\program files\OSuCre
2011-05-15 22:09 . 2011-05-15 22:09 -------- d-----w- c:\program files\Modem Helper
2011-05-15 22:08 . 2011-05-15 22:08 -------- d-----w- c:\program files\Digital Line Detect
2011-05-15 00:56 . 2011-05-23 19:54 -------- d-----w- C:\Quarantine
2011-05-14 23:52 . 2011-05-14 23:52 -------- d-----w- c:\documents and settings\Baran\Application Data\OpenOffice.org
2011-05-14 23:28 . 2011-05-14 23:28 -------- d-----w- c:\program files\OpenOffice.org 3
2011-05-14 22:39 . 2011-05-15 21:20 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\Conduit
2011-05-14 22:39 . 2011-06-10 06:59 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\uTorrentBar
2011-05-14 22:38 . 2011-05-14 22:38 -------- d-----w- c:\documents and settings\Baran\Local Settings\Application Data\Temp
2011-05-14 22:38 . 2011-05-14 22:38 -------- d-----w- c:\program files\uTorrent
2011-05-14 22:37 . 2011-06-05 19:36 -------- d-----w- c:\documents and settings\Baran\Application Data\uTorrent
2011-05-14 21:49 . 2011-06-07 09:00 -------- d-----w- c:\documents and settings\Baran\Application Data\Tlen.pl
2011-05-14 21:49 . 2011-05-14 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Tlen.pl
2011-05-14 21:47 . 2011-05-14 21:49 -------- d-----w- c:\program files\Tlen.pl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 21:37 . 2011-05-12 06:37 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-06-13 21:37 . 2011-05-12 06:37 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-06-09 14:52 . 2011-05-14 18:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 15:48 . 2011-05-14 15:48 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-04-14 16:59 . 2011-05-14 18:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58099BE0-4E5B-06D3-5A59-AB15E69504F4}]
2011-05-23 12:30 272896 ----a-w- c:\windows\system32\gkaiflzlaffwfq.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Baran\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Baran\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Baran\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Baran\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"pylzuxafbf"="c:\windows\system32\gkaiflzlaffwfq.dll" [2011-05-23 272896]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
.
c:\documents and settings\Baran\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Baran\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-5-16 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Baran\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/13/2011 11:38 PM 88544]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/13/2011 11:38 PM 145936]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [1/14/2011 1:35 PM 196912]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [5/12/2011 9:27 AM 92550]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/13/2011 11:38 PM 85152]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Baran\Application Data\Mozilla\Firefox\Profiles\krag2lts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 23:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-06-13 23:45:51
ComboFix-quarantined-files.txt 2011-06-13 21:45
.
Pre-Run: 52,054,659,072 bytes free
Post-Run: 52,123,373,568 bytes free
.
- - End Of File - - D1949D25E0B608CFF69F471D8FEB3EED