Hey,
ComboFix 11-04-01.01 - El Squido 02/04/2011 15:24:30.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1734 [GMT 1:00]
Running from: c:\users\El Squido\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\save tube video company
c:\program files\save tube video company\SaveTubeVideo\BrowserStartPage.dll
c:\program files\save tube video company\SaveTubeVideo\Config.dat
c:\program files\save tube video company\SaveTubeVideo\downloader.exe
c:\program files\save tube video company\SaveTubeVideo\FF\chrome.manifest
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\about.xul
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\settings.js
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.js
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.xul
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\locale\en-US\toolbar.properties
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\about.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\aboutDlg.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\bigbutton.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\gripper.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\savevideo.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\savevideo2.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\search.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\settings.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\showstatus.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\skysearchtoolbar.css
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\anti-viruses.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\archivators.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\auto credit.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\auto insurance.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\baccarat.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\bingo.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\body-building.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\casino.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\credit.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\free downloaders.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\general health.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\health and life.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\home.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\keno.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\men`s health.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\mp3 dvd players.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\pain relief.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\pets.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\poker.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\weight loss.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\women`s health.txt
c:\program files\save tube video company\SaveTubeVideo\FF\components\ISwslib.xpt
c:\program files\save tube video company\SaveTubeVideo\FF\components\nsIRdsHistoryService.js
c:\program files\save tube video company\SaveTubeVideo\FF\components\nsIRdsHistoryService.xpt
c:\program files\save tube video company\SaveTubeVideo\FF\components\rdstb-autocomplete.js
c:\program files\save tube video company\SaveTubeVideo\FF\components\swslib.dll
c:\program files\save tube video company\SaveTubeVideo\FF\install.rdf
c:\program files\save tube video company\SaveTubeVideo\FF\tmp
c:\program files\save tube video company\SaveTubeVideo\InstallHelper.exe
c:\program files\save tube video company\SaveTubeVideo\new_update.zip
c:\program files\save tube video company\SaveTubeVideo\SaveTubeVideo.dll
c:\program files\save tube video company\SaveTubeVideo\ToolbarUpdate.exe
c:\program files\save tube video company\SaveTubeVideo\transport_dll.dll
c:\program files\save tube video company\SaveTubeVideo\unins000.dat
c:\program files\save tube video company\SaveTubeVideo\unins000.exe
c:\program files\save tube video company\SaveTubeVideo\update.dat
c:\program files\save tube video company\SaveTubeVideo\update.dll
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\chrome.manifest
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\chrome\content\_cfg.js
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\chrome\content\overlay.xul
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\install.rdf
c:\users\El Squido\AppData\Local\ivoqatuzaruqe.dll
c:\users\El Squido\AppData\Local\wlALeSLe.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 14:32 . 2011-04-02 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 14:21 . 2011-04-02 14:21 -------- d-----w- C:\32788R22FWJFW
2011-03-29 16:18 . 2011-04-02 11:13 0 ----a-w- c:\users\El Squido\AppData\Local\Pxidov.bin
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\users\El Squido\AppData\Roaming\SystemRequirementsLab
2011-03-26 11:27 . 2011-03-26 11:59 -------- d-----w- c:\users\El Squido\AppData\Local\Google
2011-03-26 11:27 . 2011-03-26 11:28 -------- d-----w- c:\program files\Google
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Deployment
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Apps
2011-03-25 14:26 . 2011-03-25 14:26 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:36 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:36 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:36 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:36 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:36 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:36 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:36 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:36 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:36 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 14:03 . 2009-11-04 21:13 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-26 14:02 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 14:02 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 13:57 . 2009-11-04 21:12 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-09 12:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-12 19:52 . 2009-12-16 14:33 3140 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 05:45 . 2011-02-09 20:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-07 07:31 . 2011-02-23 11:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 11:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 20:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 20:55 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37 . 2011-02-09 20:56 2329088 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-23 2980248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2009-11-04 151552]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13683816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tsnp2std"="c:\windows\tsnp2std.exe" [2009-03-10 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
.
c:\users\El Squido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler V3.exe [2009-11-9 225280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-10-15 1576960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmecoss]
2011-03-29 19:08 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\gmecoss.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 cpuz130;cpuz130;c:\users\ELSQUI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2008-09-01 104320]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-06-21 15328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 95592]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-06-21 220128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [2009-08-12 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\El Squido\AppData\Roaming\Mozilla\Firefox\Profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Blotiqoh - c:\users\El Squido\AppData\Local\wlALeSLe.dll
HKLM-Run-NPSStartup - (no file)
HKLM-Run-Mxinaquzac - c:\users\El Squido\AppData\Local\ivoqatuzaruqe.dll
AddRemove-SaveTubeVideo_is1 - c:\program files\Save Tube Video Company\SaveTubeVideo\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,a1,df,27,b4,01,42,d0,c8,94,47,33,d5,e1,56,07,ca,68,47,91,1f,
33,b9,1a,f1,0b,c2,87,3a,59,10,9b,5b,e6,85,2c,41,1c,45,c1,a1,f1,55,f4,fa,71,\
"rkeysecu"=hex:13,ec,d2,01,42,c3,60,5c,63,09,d4,70,13,78,4d,f5
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\¬ ÿ*3*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-02 15:33:38
ComboFix-quarantined-files.txt 2011-04-02 14:33
.
Pre-Run: 700,234,035,200 bytes free
Post-Run: 735,565,950,976 bytes free
.
- - End Of File - - 741B80E7A1F55F4270329C89D6D5766E