ComboFix 12-02-21.02 - Steve 02/21/2012 20:48:08.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2500 [GMT -5:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Titanium Internet Security *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Titanium Internet Security *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Steve\AppData\Roaming\sa1vbe04k_02_fuz_eng.exe
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\bwUnin-8.1.1.87-8876480SL.exe
c:\windows\jestertb.dll
c:\windows\svchost.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 01:57 . 2012-02-22 02:00 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-02-22 01:57 . 2012-02-22 01:57 -------- d-----w- c:\users\Evelyn\AppData\Local\temp
2012-02-22 01:57 . 2012-02-22 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 23:45 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40CF68B7-234B-4259-B5F6-61B4A396DD60}\mpengine.dll
2012-02-19 21:13 . 2012-02-19 21:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 21:12 . 2012-02-19 21:12 -------- d-----w- C:\tdsskiller
2012-02-19 20:37 . 2012-02-19 20:37 691 ----a-w- c:\users\Evelyn\AppData\Roaming\GetValue.vbs
2012-02-19 20:37 . 2012-02-19 20:37 35 ----a-w- c:\users\Evelyn\AppData\Roaming\SetValue.bat
2012-02-19 20:36 . 2012-02-19 20:37 -------- d-----w- c:\windows\SysWow64\SmitfraudFix
2012-02-19 19:46 . 2012-02-19 20:11 691 ----a-w- c:\users\Steve\AppData\Roaming\GetValue.vbs
2012-02-19 19:46 . 2012-02-19 20:11 35 ----a-w- c:\users\Steve\AppData\Roaming\SetValue.bat
2012-02-19 17:26 . 2012-02-19 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-19 17:26 . 2012-02-19 17:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-19 16:04 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 14:47 . 2012-02-18 14:47 -------- d-----w- c:\program files\Realtek
2012-02-18 14:45 . 2010-07-22 21:37 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-02-18 14:45 . 2009-11-17 23:12 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2012-02-18 14:44 . 2012-02-18 14:44 -------- d-----w- c:\program files\DIFX
2012-02-18 14:44 . 2011-07-08 02:21 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-02-18 14:44 . 2011-07-08 02:21 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-02-18 14:44 . 2011-07-08 02:21 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-02-18 00:38 . 2012-02-21 23:39 -------- d-----w- c:\programdata\PCPitstop
2012-02-18 00:38 . 2012-02-18 00:38 -------- d-----w- c:\program files (x86)\PCPitstop
2012-02-17 12:24 . 2012-02-17 12:24 -------- d-----w- c:\users\Steve\AppData\Local\ElevatedDiagnostics
2012-02-17 02:19 . 2012-02-17 02:15 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-02-17 02:19 . 2012-02-17 02:15 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-02-17 02:19 . 2012-02-17 02:15 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-02-17 02:19 . 2012-02-17 02:15 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-02-17 02:19 . 2012-02-17 02:15 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-02-17 02:19 . 2012-02-17 02:15 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-17 02:17 . 2012-02-17 02:18 -------- d-----w- c:\program files\Trend Micro
2012-02-16 00:54 . 2012-02-16 00:54 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-02-16 00:54 . 2012-02-16 00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-02-10 01:14 . 2012-02-16 02:41 -------- d-----w- c:\users\Steve\AppData\Local\lanMapdb
2012-01-24 02:10 . 2012-01-24 02:10 -------- d-----w- c:\program files (x86)\Runtime Software
2012-01-23 23:44 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-23 23:44 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 23:44 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 23:44 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-23 23:44 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-23 23:44 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-23 23:44 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-23 23:44 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-23 23:44 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 02:18 . 2011-08-23 23:57 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-02-10 01:15 . 2011-06-02 00:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 21:27 . 2008-03-16 22:13 3744872 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-11-25 16:25 . 2012-01-20 01:38 451072 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Steve\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 68856]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-31 160328]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"Acer Product Registration"="c:\program files (x86)\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files (x86)\Acer Assist\launcher.exe" [2007-02-02 1261568]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2012-01-31 26264]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher.exe [2007-2-14 211992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2008-12-16 282624]
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-3 91440]
Lotus Organizer EasyClip.lnk - d:\lotus\organize\easyclip.exe [2002-8-8 87040]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2009-12-27 1611152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 19:41]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 19:41]
.
2012-02-17 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 04:03]
.
2012-02-17 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 04:03]
.
2012-02-21 c:\windows\Tasks\User_Feed_Synchronization-{E53CF9B6-4DC6-4449-9B46-2FA26FAEF63E}.job
- c:\windows\system32\msfeedssync.exe [2012-02-17 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:39 51248 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-05 560688]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 830976]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 333344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 15845920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 82464]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-17 204048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1208&m=aspire_m3641
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\rllb8erq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
c:\program files (x86)\Memeo\AutoBackup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2012-02-21 21:25:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 02:25
.
Pre-Run: 86,047,584,256 bytes free
Post-Run: 86,668,169,216 bytes free
.
- - End Of File - - 9D1029C07CA5B03F516A5D021A799CE3