ComboFix 12-08-09.01 - victor 08/10/2012 12:39:51.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3035.1875 [GMT -7:00]
Running from: c:\users\victor\Desktop\ComboFix.exe
AV: Norton AntiVirus Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Object
c:\program files\Object\config.ini
c:\program files\Object\enable.txt
c:\program files\Object\status.txt
c:\program files\Object\status2.txt
c:\program files\Shop to Win
c:\program files\Shop to Win\Test.htm
c:\program files\TelevisionFanaticEI
c:\users\victor\Documents\ShopToWin
c:\windows\system32\config\systemprofile\0.16430399629982395.exe
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 19:48 . 2012-08-10 19:48 -------- d-----w- c:\users\victor\AppData\Local\temp
2012-08-10 19:48 . 2012-08-10 19:48 -------- d-----w- c:\users\Oksana\AppData\Local\temp
2012-08-10 19:48 . 2012-08-10 19:48 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-08-10 18:50 . 2012-08-10 18:50 -------- dc----w- C:\_OTL
2012-08-10 01:13 . 2012-08-10 01:13 -------- dc----w- C:\FRST
2012-08-09 01:40 . 2012-08-10 00:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-06 18:43 . 2012-08-06 18:43 -------- d-----w- c:\programdata\CPA_VA
2012-07-16 17:17 . 2012-07-16 17:17 -------- d-----w- c:\users\victor\AppData\Roaming\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 18:07 . 2012-04-10 01:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-10 18:07 . 2011-05-16 14:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 02:40 . 2012-07-11 05:08 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 03:43 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 03:43 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 03:43 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 14:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 14:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 14:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 14:24 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 14:24 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 14:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 14:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 14:23 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 14:24 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-11 05:11 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 05:11 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 05:11 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 05:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 05:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 03:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 03:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 03:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 03:43 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 03:43 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-12 39408]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
"Facebook Update"="c:\users\victor\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1866864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-28 252288]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-27 10828392]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^victor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^victor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^victor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]
c:\windows\system32\thpsrv [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 11:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 16:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX510 Series]
2009-11-04 12:07 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus NX510(Network)]
2009-11-04 12:07 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-01 20:07 136176 ----atw- c:\users\victor\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2009-08-28 02:20 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2009-08-28 02:22 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2009-08-26 00:17 62752 ----a-w- c:\program files\Nuance\PDFViewerPlus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2009-08-26 00:18 1365280 ----a-w- c:\program files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2008-11-03 19:02 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare]
2010-01-16 21:30 206120 ----a-w- c:\program files\Qwest\Quickcare\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
2011-01-25 21:30 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 21:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-12 17:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\DRIVERS\DIFMBUS.sys [x]
R3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\DRIVERS\DIFMCVsp.sys [x]
R3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\DRIVERS\DIFMMdm.sys [x]
R3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\DRIVERS\DIFMNET.sys [x]
R3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\DRIVERS\DIFMNVsp.sys [x]
R3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\DRIVERS\DIFMVsp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 qcfilterTSH;Toshiba USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterTSH.sys [x]
R3 qcusbnetTSH;Toshiba USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnetTSH.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R4 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [x]
R4 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307010.005\SYMEFA.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx86.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307010.005\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120809.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 qcusbserTSH;Toshiba USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserTSH.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*Deregistered* - pbfilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:07]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000Core.job
- c:\users\victor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-16 22:54]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000UA.job
- c:\users\victor\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-16 22:54]
.
2012-08-10 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-01-18 22:24]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 00:28]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 00:28]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000Core.job
- c:\users\victor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 20:07]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2712941158-3131102933-1011039749-1000UA.job
- c:\users\victor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 20:07]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{D651FF17-0A3F-41E3-996C-B3717AD9060E}
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{81D563F6-CAF0-469A-9969-CCD85A442746}\262716B656475616D6: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{81D563F6-CAF0-469A-9969-CCD85A442746}\353686E67457563747: DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{81D563F6-CAF0-469A-9969-CCD85A442746}\35D434752425134335D2E443F51405: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{81D563F6-CAF0-469A-9969-CCD85A442746}\95F657E6760516E64616D27657563747: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{447ccf23-3319-4481-b1f6-0b13e40b0639} - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-limewire plus+ - c:\program files\Limewire Plus+\limewire.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-StarzTray - c:\program files\StarzPlay\StarzPlayTray.exe
MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2712941158-3131102933-1011039749-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,01,86,a7,10,9c,04,ea,39,1e,28,95,05,c9,f8,fa,3e,7f,37,a0,ca,
   e1,3f,e7,27,df,bb,1c,32,b9,36,0d,d1,81,80,4d,62,fd,1d,43,f4,b2,45,94,8d,a0,\
"rkeysecu"=hex:5a,1c,c4,f0,35,7b,1c,d2,10,a1,c1,de,3e,6a,b0,6b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 12:50:11
ComboFix-quarantined-files.txt 2012-08-10 19:50
.
Pre-Run: 36,360,982,528 bytes free
Post-Run: 36,483,571,712 bytes free
.
- - End Of File - - 8DD3088D90688C451AAA252D88AD49EC