• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

wingnut555

Full Member
  • Content count

    43
  • Joined

  • Last visited

About wingnut555

  • Rank
    Member
  • Birthday
  1. Hello Joker, I uninstalled MSE and am running just Avast now. Everything still seems to be running well. I ran AdwCleaner and JRT as instructed without problem and the log files are below. Thanks again for your most excellent help. Let me know what the next steps are that you recommend. # AdwCleaner v2.305 - Logfile created 07/13/2013 at 16:09:42 # Updated 11/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Mark - HOME # Boot Mode : Normal # Running from : C:\Users\Mark\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : DvmMDES ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\Classes\Installer\Features\D6D9DA99654AEE9438062FE27EAA2127 Key Deleted : HKLM\Software\Classes\Installer\Products\D6D9DA99654AEE9438062FE27EAA2127 Key Deleted : HKLM\Software\DeviceVM Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. ************************* AdwCleaner[s1].txt - [2970 octets] - [14/04/2013 10:28:49] AdwCleaner[s2].txt - [2066 octets] - [13/07/2013 16:09:42] ########## EOF - C:\AdwCleaner[s2].txt - [2126 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.0.9 (07.12.2013:2) OS: Windows 7 Home Premium x64 Ran by Mark on Sat 07/13/2013 at 16:16:45.22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\whitesmoketoolbar" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 07/13/2013 at 16:20:54.26 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  2. Regarding the previous post, I first updated Adobe Reader X using Avast, and then removed it and installed the latest version (XI) from Adobe, as instructed. Also Win7 did an update (17 steps) the last time I rebooted, so it seems to be doing well. Thanks again.
  3. Hello Joker, Thanks for the reply and help. I have updated Adobe Reader and ran the ComboFix procedure as instructed. The log file is below. Based on this latest episode I am convinced I need to use a stronger antivirus for this desktop computer so would prefer to ditch MSE and go with Avast if I can only use one of them. I have had the free version of Avast running on my other computer (an old D620 laptop running XP) for some time and it does seem to periodically catch intrusions, although it does take longer to boot up, update, scan files being transmitted and so forth so generally slows the overall processing down a bit, but I guess that is for the good. MSE seems to stay more out of the way of the processing and so is more convenient, but has evidently failed me twice now. So I will prefer to go with Avast and will next need to decide during the trial period whether just use the free version or pay for the added features of the subscription. Again thanks for your great help, and let me know what the next steps are, if any. ComboFix 13-07-11.01 - Mark 07/11/2013 8:24.6.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2214 [GMT -6:00] Running from: c:\users\Mark\Desktop\ComboFix.exe Command switches used :: c:\users\Mark\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mark\AppData\Local\assembly\tmp . . ((((((((((((((((((((((((( Files Created from 2013-06-11 to 2013-07-11 ))))))))))))))))))))))))))))))) . . 2013-07-09 16:09 . 2013-07-09 16:09 -------- d-----w- c:\program files\iPod 2013-07-09 16:09 . 2013-07-09 16:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-09 16:09 . 2013-07-09 16:09 -------- d-----w- c:\program files\iTunes 2013-07-09 16:09 . 2013-07-09 16:09 -------- d-----w- c:\program files (x86)\iTunes 2013-07-09 16:05 . 2013-07-09 16:05 -------- d-----w- c:\program files\WinZip 2013-07-09 15:01 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-07-08 22:18 . 2013-07-08 22:25 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-08 22:18 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-07 18:36 . 2013-07-10 03:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-07 17:55 . 2013-07-07 17:55 -------- d-----w- c:\users\Mark\SecurityCheck 2013-07-04 14:30 . 2013-07-04 14:30 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-06-27 18:25 . 2013-06-27 18:25 9793536 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi 2013-06-22 12:19 . 2013-06-22 12:19 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E32AE5AB-B4FE-4C01-A164-75218BFD943E}\gapaengine.dll 2013-06-20 15:59 . 2013-06-20 16:19 -------- d-----w- c:\users\Melissa\AppData\Local\ACD Systems 2013-06-19 00:02 . 2013-06-19 00:02 -------- d-----w- c:\users\Mark\AppData\Roaming\Sling Media 2013-06-19 00:01 . 2013-06-19 00:01 -------- d-----w- c:\program files (x86)\Sling Media 2013-06-12 18:30 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll 2013-06-12 15:56 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 15:55 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 15:55 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 15:55 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 15:55 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-12 15:54 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 15:54 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-12 15:54 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 15:54 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 15:54 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 15:54 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 15:54 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 15:54 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 15:54 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 15:54 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 15:54 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 15:54 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-12 15:53 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 15:53 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 14:24 . 2013-06-12 14:24 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-08 22:25 . 2012-11-09 16:03 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-08 22:25 . 2012-11-09 16:03 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-12 18:30 . 2009-12-12 13:11 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 14:24 . 2012-03-29 13:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 14:24 . 2011-05-15 04:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-05 19:40 . 2012-12-18 13:53 94344 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe 2013-05-22 13:19 . 2011-03-28 01:59 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-16 02:00 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-09 08:59 . 2012-11-09 16:03 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2012-11-09 16:03 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2012-11-09 16:03 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2012-11-09 16:03 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2012-11-09 16:03 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2012-11-09 16:03 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 15:29 . 2009-10-10 04:49 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 09:59 . 2013-05-01 09:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 09:59 . 2013-05-01 09:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-13 05:49 . 2013-05-16 01:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 01:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 01:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 01:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 01:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 01:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 13:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-4-29 685936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm228.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/05/12 21:11];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x] S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x] S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [x] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x] S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - Avgtdia . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-01-19 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-11 14:21 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:24] . 2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . 2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: microsoft.com\update TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E167CDFB-4221-440A-A4B5-7D92B3536C51}: DhcpNameServer = 10.0.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.032" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.abr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.amr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ani" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.apd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.art\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.art" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.arw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bay" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bwf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.caf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cdda" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cel" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.crw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cs1" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cur" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dib" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djvu" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dng" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.emf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.eps" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.erf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.flc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fli" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gsm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.hdr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icn" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ico" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.int" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.inta" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iw4" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2c" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2k" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jfif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jp2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpe" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpeg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpk" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kar" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kdc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.lbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m15" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m1a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m2a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m4a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4b" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4p" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m75" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mag\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mag" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mos" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mpv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.orf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pct" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pgm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pic" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pics" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pict" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pix" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.png" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ppm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qcp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qtpf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ras" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgba" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rle" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rsb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rw2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rwl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sdv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sfil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sgi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sml" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.swa" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tga" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.thm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tiff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ulw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30po" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30ppf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.vfw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wmf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-11 08:35:41 ComboFix-quarantined-files.txt 2013-07-11 14:35 ComboFix2.txt 2013-07-09 14:51 ComboFix3.txt 2012-11-13 15:39 ComboFix4.txt 2012-11-13 05:06 . Pre-Run: 5,315,289,088 bytes free Post-Run: 5,448,273,920 bytes free . - - End Of File - - 735D4836D7466D3B5709360C63BB2E24 A36C5E4F47E84449FF07ED3517B43A31
  4. Sorry in the above post I meant to say: So I did not find them to submit to VirusTotal. Thanks again.
  5. Thanks for your reply. I uninstalled Java and deleted the Sun folder. I could not find the files: c:\windows\system32\drivers\qkgjsmap.sys c:\windows\system32\drivers\ukhilwmp.sys So I did find them to submit to VirusTotal The radio button for "Show hidden files, folders, and drives" was selected and also "Hide protected operating system files (Recommended)" was unchecked. I have since re-checked this box and selected the button to re-hide hidden folders. I was able to run MBAR, it did update, and the log files are below. I also ran the ESET scanner as instructed. It took about 9 hours to run. No threats were detected, so I did not see anything to click for a log, or a List Threats or export a file. Perhaps I missed something to create or find a log? MBAR logs: Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.09.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Mark :: HOME [administrator] 7/9/2013 9:23:32 PM mbar-log-2013-07-09 (21-23-32).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 361702 Time elapsed: 12 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.210000 GHz Memory total: 4294107136, free: 2547712000 Downloaded database version: v2013.07.09.09 Initializing... ------------ Kernel report ------------ 07/09/2013 21:23:26 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tdrpm228.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\system32\DRIVERS\CLBStor.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\SysWow64\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\L1E62x64.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\LVUSBS64.sys \SystemRoot\system32\DRIVERS\CamDrL64.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\Wldap32.dll \Windows\System32\psapi.dll \Windows\System32\normaliz.dll \Windows\System32\iertutil.dll \Windows\System32\sechost.dll \Windows\System32\clbcatq.dll \Windows\System32\ws2_32.dll \Windows\System32\msctf.dll \Windows\System32\advapi32.dll \Windows\System32\difxapi.dll \Windows\System32\usp10.dll \Windows\System32\setupapi.dll \Windows\System32\imm32.dll \Windows\System32\msvcrt.dll \Windows\System32\user32.dll \Windows\System32\nsi.dll \Windows\System32\lpk.dll \Windows\System32\ole32.dll \Windows\System32\kernel32.dll \Windows\System32\imagehlp.dll \Windows\System32\urlmon.dll \Windows\System32\wininet.dll \Windows\System32\shlwapi.dll \Windows\System32\comdlg32.dll \Windows\System32\oleaut32.dll \Windows\System32\shell32.dll \Windows\System32\rpcrt4.dll \Windows\System32\gdi32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8005404790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000092\ Lower Device Object: 0xfffffa800625fa30 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8006388790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000091\ Lower Device Object: 0xfffffa8006236b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80063a1790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa800616bb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8004a12060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-2\ Lower Device Object: 0xfffffa8004999060 Lower Device Driver Name: \Driver\atapi\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004a11060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8003ae0680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004a11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80048ec940, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa8004a11c20, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa80048e99f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004a11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048ce9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8003ae0680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97A25D38 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 204802048 Numsec = 771966976 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8004a12060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80048f4870, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80048f2e30, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8004a12b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004a12060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048d69b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004999060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-2\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 852A1E48 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa80063a1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80061b3940, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80061ade30, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa80061afb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80063a1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800616bb60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8006388790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800622fba0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa800625cd20, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006256850, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006388790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006236b60, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8005404790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800621faf0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa800621fd00, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006246b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005404790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800625fa30, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam... Removal finished The computer seems to be running well. Let me know if I need to re-scan anything I missed or what other next steps you recommend. I really appreciate your great help.
  6. An update: subsequent to the previous post, I reactivated Avast and using the updater I updated the out of date programs if found, except I did not update Java. I am concerned about the infected file that was skipped during the Kaspersky Rescue Disk 10 scan, and how best to dispose of it before doing any update for Java. Thanks again.
  7. The computer is now running better. In reply to the bad MBAE site evidently I was being redirected. I checked the Proxy server settings (Control Panel>Network and Internet>Internet Options under Connections Tab under LAN settings) and "use a Proxy server" was already unchecked. I created a DVD+R of the Kaspersky Rescue Disk 10 and booted to it, it ran successfully and the log is below. It took about 5 hours to run. It stopped at 99% with an action required from me. As shown in the log, one object a Trojan Program: Heur.Exploit.Java.CVE-2013-2423.gen located in my Appdata was marked to either: -Disinfection is not possible Reason:cannot be disinfected -Delete archive Archive file will be deleted -Skip (recommended) Do not perform any action So I entered "Skip" and it finished running. Does this object need further action? I tried to download Avast and got the message (same message I was receiving for all downloads) "avast_free_antivirus_setup.exe contained a virus and was deleted". Similarly tried to download ComboFix and got the similar message. So I downloaded both from another computer to a USB drive and copied the files over to the Desktop. The Avast installation was successful and I ran a complete scan, which took almost 14 hours. I viewed the log file but I could not find a .txt file of the log so will summarize the results: it found two infected .mp3 files on the E: as WMA:Wimad[susp] and about 150 errors most were classified as either Error: Incorrect function which included the Microsoft Security Client programs, or Error: The system cannot find the path specified. Also the Avast updater function found several programs needing update, including Java. However when trying to update them I was unable to download the update files and got the same download message as above. Then I ran the ComboFix successfully and it found an infection, and it automatically rebooted. I tried to open IE and got the message "Illegal operation...marked for deletion" so I rebooted again and am now able to run IE explorer again. Also the MSE Action Center is now working and am able to update Windows. However I am not able to run DDS successfully as it still returns a .txt file of garbled text. I checked that Word Wrap is off in Notepad. I think I have had this DDS problem from some time earlier. Below are the log files starting with Kaspersky Rescue Disk 10: Objects Scan: completed 3 minutes ago (events: 11, objects: 3449634, time: 05:41:07) 7/8/13 3:39 PM Task completed 7/8/13 3:39 PM Detected: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 7/8/13 3:39 PM Untreated: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 Skipped by user 7/8/13 2:56 PM Detected: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 7/8/13 1:12 PM Detected: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 7/8/13 1:12 PM Untreated: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 Postponed 7/8/13 1:12 PM Detected: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 7/8/13 11:01 AM Detected: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 7/8/13 11:01 AM Untreated: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 Postponed 7/8/13 11:01 AM Detected: HEUR:Exploit.Java.CVE-2013-2423.gen C:/Users/Mark/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/6cd214a7-1b214f78 7/8/13 9:58 AM Task started ComboFix 13-07-09.01 - Mark 07/09/2013 8:32.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2071 [GMT -6:00] Running from: c:\users\Mark\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mark\g2mdlhlpx.exe . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache64\services.exe . . ((((((((((((((((((((((((( Files Created from 2013-06-09 to 2013-07-09 ))))))))))))))))))))))))))))))) . . 2013-07-09 14:41 . 2013-07-09 14:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-09 14:41 . 2013-07-09 14:41 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-07-09 14:41 . 2013-07-09 14:41 -------- d-----w- c:\users\Melissa\AppData\Local\temp 2013-07-09 14:41 . 2013-07-09 14:41 -------- d-----w- c:\users\Kim\AppData\Local\temp 2013-07-09 14:41 . 2013-07-09 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-09 14:41 . 2013-07-09 14:41 -------- d-----w- c:\users\Carol\AppData\Local\temp 2013-07-08 22:18 . 2013-07-08 22:25 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-08 22:18 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-07 18:36 . 2013-07-07 19:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-07 17:55 . 2013-07-07 17:55 -------- d-----w- c:\users\Mark\SecurityCheck 2013-07-05 14:08 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8D33247-A38C-469D-9C5C-6105CCE70617}\mpengine.dll 2013-07-04 14:30 . 2013-07-04 14:30 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-07-02 14:34 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-27 18:25 . 2013-06-27 18:25 9793536 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi 2013-06-22 12:19 . 2013-06-22 12:19 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E32AE5AB-B4FE-4C01-A164-75218BFD943E}\gapaengine.dll 2013-06-20 15:59 . 2013-06-20 16:19 -------- d-----w- c:\users\Melissa\AppData\Local\ACD Systems 2013-06-19 00:02 . 2013-06-19 00:02 -------- d-----w- c:\users\Mark\AppData\Roaming\Sling Media 2013-06-19 00:01 . 2013-06-19 00:01 -------- d-----w- c:\program files (x86)\Sling Media 2013-06-12 18:30 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll 2013-06-12 15:56 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 15:55 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 15:55 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 15:55 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 15:55 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-12 15:54 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 15:54 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-12 15:54 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 15:54 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 15:54 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 15:54 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 15:54 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 15:54 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 15:54 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 15:54 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 15:54 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 15:54 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-12 15:53 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 15:53 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 14:24 . 2013-06-12 14:24 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-08 22:25 . 2012-11-09 16:03 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-08 22:25 . 2012-11-09 16:03 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-12 18:30 . 2009-12-12 13:11 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 14:24 . 2012-03-29 13:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 14:24 . 2011-05-15 04:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-05 19:40 . 2012-12-18 13:53 94344 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe 2013-05-22 13:19 . 2011-03-28 01:59 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-16 02:00 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-09 08:59 . 2012-11-09 16:03 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2012-11-09 16:03 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2012-11-09 16:03 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2012-11-09 16:03 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2012-11-09 16:03 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2012-11-09 16:03 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 15:29 . 2009-10-10 04:49 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 09:59 . 2013-05-01 09:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 09:59 . 2013-05-01 09:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-13 05:49 . 2013-05-16 01:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 01:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 01:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 01:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 01:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 01:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 13:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R1 qkgjsmap;qkgjsmap;c:\windows\system32\drivers\qkgjsmap.sys;c:\windows\SYSNATIVE\drivers\qkgjsmap.sys [x] R1 ukhilwmp;ukhilwmp;c:\windows\system32\drivers\ukhilwmp.sys;c:\windows\SYSNATIVE\drivers\ukhilwmp.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm228.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/05/12 21:11];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x] S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x] S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [x] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x] S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - Avgtdia . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-01-19 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 15:16 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:24] . 2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . 2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-07 05:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: microsoft.com\update TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E167CDFB-4221-440A-A4B5-7D92B3536C51}: DhcpNameServer = 10.0.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.032" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.abr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.amr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ani" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.apd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.art\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.art" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.arw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bay" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bwf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.caf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cdda" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cel" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.crw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cs1" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cur" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dib" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djvu" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dng" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.emf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.eps" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.erf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.flc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fli" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gsm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.hdr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icn" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ico" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.int" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.inta" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iw4" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2c" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2k" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jfif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jp2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpe" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpeg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpk" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kar" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kdc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.lbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m15" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m1a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m2a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m4a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4b" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4p" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m75" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mag\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mag" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mos" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mpv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.orf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pct" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pgm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pic" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pics" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pict" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pix" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.png" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ppm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qcp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qtpf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ras" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgba" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rle" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rsb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rw2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rwl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sdv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sfil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sgi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sml" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.swa" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tga" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.thm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tiff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ulw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30po" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30ppf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.vfw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wmf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\DAODx.exe c:\program files (x86)\ASUS\EPU\EPU.exe c:\program files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2013-07-09 08:51:12 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-09 14:51 ComboFix2.txt 2012-11-13 15:39 ComboFix3.txt 2012-11-13 05:06 . Pre-Run: 5,556,174,848 bytes free Post-Run: 5,613,256,704 bytes free . - - End Of File - - F7C3DAF082FDE3B2016CBABB4C882C16 A36C5E4F47E84449FF07ED3517B43A31 Thanks so much for your excellent help. It took a while to complete all your recommended actions but the computer is working much better now I expect there is still more work to do so I will await your next instructions.
  8. Thank you for your reply and instructions. I was able to run prepare the USB drive and boot from it to run HitmanPro.Kickstart and also was able to run MBAR and Security Check, but still not DDS. I first tried preparing the USB drive from my laptop which is still running XP and that didn't work, so I used a neighbor's computer that is running Win7 64-bit to prepare the USB drive. HitmanPro found and removed several Trojans named ZeroAccess and also repaired two instances of "Proxy server on this computer (User)" however upon running HitmanPro.Kickstart again several times these two instances of "Proxy server on this computer (User)" keep recurring despite it repairing them. In trying to download MBAR it would not let me and gave a message that it contained a virus and was deleted. I then downloaded and unzipped the MBAR folder on another computer and copied it over via USB drive. In trying to run it the first time it wanted to update it from www.malwarebytes.org/products/mbar but this seems to be a bad site. After rebooting again with HitmanPro I was able to run MBAR as administrator and it did not find anything (log files below). Still when trying to run DDS it returns a text file of garbled text. Also it still won't let me download it directly as it returns the message: "dds.scr contained a virus and was deleted". Also I still cannot turn on Windows Defender in Microsoft Security Action Center or update Windows. Below are the logs: Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.06.01.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Mark :: HOME [administrator] 7/7/2013 12:58:59 PM mbar-log-2013-07-07 (12-58-59).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 365084 Time elapsed: 12 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED CPU speed: 3.211000 GHz Memory total: 4294107136, free: 2692993024 Initializing... ------------ Kernel report ------------ 07/07/2013 12:36:00 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tdrpm228.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\CLBStor.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\SysWow64\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\L1E62x64.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\system32\drivers\LVUSBS64.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\CamDrL64.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\setupapi.dll \Windows\System32\oleaut32.dll \Windows\System32\Wldap32.dll \Windows\System32\kernel32.dll \Windows\System32\wininet.dll \Windows\System32\shlwapi.dll \Windows\System32\imm32.dll \Windows\System32\user32.dll \Windows\System32\sechost.dll \Windows\System32\psapi.dll \Windows\System32\ole32.dll \Windows\System32\lpk.dll \Windows\System32\advapi32.dll \Windows\System32\comdlg32.dll \Windows\System32\rpcrt4.dll \Windows\System32\iertutil.dll \Windows\System32\gdi32.dll \Windows\System32\nsi.dll \Windows\System32\shell32.dll \Windows\System32\difxapi.dll \Windows\System32\normaliz.dll \Windows\System32\imagehlp.dll \Windows\System32\ws2_32.dll \Windows\System32\urlmon.dll \Windows\System32\usp10.dll \Windows\System32\msvcrt.dll \Windows\System32\clbcatq.dll \Windows\System32\msctf.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa800675c790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008c\ Lower Device Object: 0xfffffa8006758b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa800676a060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008b\ Lower Device Object: 0xfffffa800674ab60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa800655e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa8006558b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80053c0790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007e\ Lower Device Object: 0xfffffa800608d8e0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8004a20060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-2\ Lower Device Object: 0xfffffa80049a7060 Lower Device Driver Name: \Driver\atapi\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004a1f060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8003ac9680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004a1f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80048fba20, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80048f89e0, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8004a1fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004a1f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048d79b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8003ac9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97A25D38 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 204802048 Numsec = 771966976 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8004a20060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004902940, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa8004a20980, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8004a20b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004a20060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048e39b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80049a7060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-2\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 852A1E48 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa80053c0790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006167d30, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa800613fc40, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa800539cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80053c0790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800608d8e0, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 3, DevicePointer: 0xfffffa800655e790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006553940, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa8006556840, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006555410, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800655e790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006558b60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 75239B6E Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800676a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80066342f0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80065575f0, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa80067507e0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800676a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800674ab60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa800675c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80065c4720, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa8006609670, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006753b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800675c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006758b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED CPU speed: 3.210000 GHz Memory total: 4294107136, free: 2762739712 Initializing... ------------ Kernel report ------------ 07/07/2013 12:58:54 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tdrpm228.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\CLBStor.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\SysWow64\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\L1E62x64.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\system32\drivers\LVUSBS64.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\CamDrL64.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\ole32.dll \Windows\System32\sechost.dll \Windows\System32\rpcrt4.dll \Windows\System32\clbcatq.dll \Windows\System32\normaliz.dll \Windows\System32\urlmon.dll \Windows\System32\oleaut32.dll \Windows\System32\setupapi.dll \Windows\System32\ws2_32.dll \Windows\System32\wininet.dll \Windows\System32\msctf.dll \Windows\System32\lpk.dll \Windows\System32\kernel32.dll \Windows\System32\shlwapi.dll \Windows\System32\msvcrt.dll \Windows\System32\imagehlp.dll \Windows\System32\Wldap32.dll \Windows\System32\user32.dll \Windows\System32\iertutil.dll \Windows\System32\nsi.dll \Windows\System32\advapi32.dll \Windows\System32\difxapi.dll \Windows\System32\psapi.dll \Windows\System32\imm32.dll \Windows\System32\usp10.dll \Windows\System32\shell32.dll \Windows\System32\comdlg32.dll \Windows\System32\gdi32.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8006772790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008c\ Lower Device Object: 0xfffffa8006723b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8006771790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008b\ Lower Device Object: 0xfffffa8006753b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8006577060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa8006598550 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80062b1790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007e\ Lower Device Object: 0xfffffa80058efb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8004a11060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-2\ Lower Device Object: 0xfffffa8004998060 Lower Device Driver Name: \Driver\atapi\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004a10060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8003ac9680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004a10060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80048eba20, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80048e88a0, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8004a10b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004a10060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048c89b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8003ac9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97A25D38 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 204802048 Numsec = 771966976 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8004a11060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80048f18f0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80048ed8f0, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8004a11b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004a11060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048d49b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004998060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-2\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 852A1E48 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa80062b1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006139d70, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa8006135b70, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006118860, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80062b1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80058efb60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 3, DevicePointer: 0xfffffa8006577060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006575c10, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa8006572390, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006577910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006577060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006598550, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 75239B6E Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8006771790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006640e30, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa80062cccd0, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006771040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006771790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006753b60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8006772790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800654a630, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xfffffa800663b780, DeviceName: Unknown, DriverName: \Driver\tdrpman228\ DevicePointer: 0xfffffa8006759040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006772790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006723b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_r.mbam... Removal finished Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Sophos Anti-Rootkit 1.5.4 Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 11 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Thank you for your help so far. I will await your next instructions.
  9. Please help. Internet Explorer is redirecting to unwanted sites and popups. I cannot run Microsoft Security Essentials I receive the message "Action Center can't turn on Windows Defender. Please try again later" and I cannot uninstall it. I receive a message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". I cannot download or install Avast! I get a message that the download contains a virus and is deleted. The DDS will not download I get same message that the download contains a virus and is deleted. I downloaded DDS to a USB flash drive on another computer and copied it to the deskstop but it will not run - it returns a text file of garbled text. I did first run a MBAM quick scan, restarted and then a full MBAM scan and the full scan log is attached. Although it says the rootkit was deleted during the scans, it seems to come back every time after startup. Also I ran the Checkup and the log is attached. I also ran Kaspersky online and received a popup report. All of these are posted below: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.06.04 Windows 7 Service Pack 1 x64 NTFS (Safe Mode) Internet Explorer 10.0.9200.16618 Mark :: HOME [administrator] 7/6/2013 10:01:54 AM mbam-log-2013-07-06 (10-01-54).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 617448 Time elapsed: 1 hour(s), 11 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{1ddc00af-aeec-273d-a057-87e25817becd}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end) Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Sophos Anti-Rootkit 1.5.4 Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 11 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` Kaspersky Scan popup results, text copied from the screen: Detailed report Problems found Scanning date: Database update date: Product version: 07/06/2013 09:42 AM 07/03/2013 02:34 AM 12.0.1.117 (a.b) Computer protection (1) Information about anti-virus software and firewalls installed on the computer. . Kaspersky recommends . Anti-virus is not installed. Malware (0) Information about malware detected on the computer. . . Vulnerabilities (0) Information about applications and operating system components in which vulnerabilities have been detected. Other issues (7) Information about vulnerabilities associated with the settings of installed applications and the operating system. 1. "CD/DVD autorun is enabled" 2. "Microsoft Internet Explorer - disable caching data received via protected channel" 3. "Microsoft Internet Explorer: disable sending error reports" 4. "Microsoft Internet Explorer: clear the list of trusted domains" 5. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions" 6. "Microsoft Internet Explorer: enable cache autocleanup on browser closing" 7. "Microsoft Internet Explorer: start page reset" I will greatly appreciate any assistance you can provide and will follow your guidance on next steps.
  10. I have been running the Kaspersky Security Scan for about 13 hours and it is 36% complete. I will continue to let it run in the background, but it may take another day to finish. I did download and run the Security Check, the log is below: Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Sophos Anti-Rootkit 1.5.4 Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Adobe Reader X (10.1.4) Google Chrome 24.0.1312.14 Google Chrome 24.0.1312.5 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` I don't recall exactly if the last time I ran ESET whether it said it quarantined the threat, or what drive it was on at the time. I don't trust my memory on that. I will plan to do another ESET scan to ensure it finds nothing this next time around. I have been running MSE but it has obviously not been secure enough and has also missed bugs in the past. The only thing I like about it is that is simple to use and doesn't seem to slow down the computer at all or interfere with anything. However, I have been running Avast! on my laptop and have been happy with it since it does notify me when, and appears to stop and block attacks, from time to time. I tried to install it on this machine during my problems last week but it didn't appear to install fully at that time. I am thinking to disable MSE and to reinstall and use Avast! instead now. I will have to pause our diagnostic and cleanup efforts now for a couple weeks, since I am leaving town today and won't be back until December 2. The computer seems to be running great, better than it has in a while but will caution the other users here to use it sparingly if at all until I return. I hope we can pick up again at that time, but if you have other things going then I will understand. You have been terrific help and I don't know what I would do otherwise. When I return I will need your help to clean up the utilities and your good recommendations on software or techniques to help keep my maching running clean. So I will be finishing this with you in just a couple weeks after a pause, if that is ok.
  11. I followed instructions to delete and re-download combofix, and inserted the text, and it seemed to run successfully. I also ran the ESET online scanner, which took about 4 1/2 hours since I have a 500GB and 1TB internal drives, and a 2TB external drive with over a million files. The ESET said it found 1 threat and it finished with a pop-up to buy it; however it produced only a very short log file from the initial installation; perhaps I did not have it set correctly to record the log file? The machine is running well . I have turned back on the MSE for now. I expect there is more to do to finish the diagnostics so I will be extra cautious with it until your next reply. Thanks so much for your excellent help! ComboFix 12-11-13.02 - Mark 11/13/2012 8:21.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2704 [GMT -7:00] Running from: c:\users\Mark\Desktop\ComboFix.exe Command switches used :: c:\users\Mark\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_CLBUDF -------\Service_CLBUDF -------\Service_MEMSWEEP2 -------\Service_motccgp -------\Service_motccgpfl -------\Service_MotDev -------\Service_motport -------\Service_Normandy . . ((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 ))))))))))))))))))))))))))))))) . . 2012-11-13 15:28 . 2012-11-13 15:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-13 15:28 . 2012-11-13 15:28 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-13 15:28 . 2012-11-13 15:28 -------- d-----w- c:\users\Melissa\AppData\Local\temp 2012-11-13 15:28 . 2012-11-13 15:28 -------- d-----w- c:\users\Kim\AppData\Local\temp 2012-11-13 15:28 . 2012-11-13 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-13 15:28 . 2012-11-13 15:28 -------- d-----w- c:\users\Carol\AppData\Local\temp 2012-11-13 05:12 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48331EF3-27E6-44F5-8A0D-B3B4668CB4FF}\mpengine.dll 2012-11-12 04:52 . 2012-11-12 04:52 -------- d-----w- C:\_OTL 2012-11-09 16:03 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-11-09 16:03 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-11-09 16:03 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-11-09 16:03 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-11-09 16:03 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-11-09 16:03 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-11-09 16:03 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-11-09 16:03 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr 2012-11-09 16:03 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-11-09 16:03 . 2012-11-09 16:03 -------- d-----w- c:\programdata\AVAST Software 2012-11-09 16:03 . 2012-11-09 16:03 -------- d-----w- c:\program files\AVAST Software 2012-11-08 17:01 . 2012-11-11 21:42 -------- d-s---w- c:\users\Mark\Google Drive 2012-11-08 16:59 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-27 13:27 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui 2012-10-27 13:27 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2012-10-27 13:27 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2012-10-27 13:27 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2012-10-20 07:51 . 2012-10-02 17:09 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{453CF2FE-6256-414E-B5E5-58DD4C8C1A05}\gapaengine.dll 2012-10-17 16:54 . 2012-09-25 05:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-07 17:39 . 2012-03-29 13:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 17:39 . 2011-05-15 04:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-11 04:30 . 2009-12-12 13:11 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-02 22:21 . 2012-10-12 17:00 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-02 22:21 . 2012-10-12 17:00 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-02 22:21 . 2012-10-12 17:00 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-02 22:21 . 2012-10-12 17:00 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-02 22:21 . 2012-10-12 17:00 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-02 22:21 . 2012-10-12 17:00 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-02 22:21 . 2012-10-12 17:00 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-02 22:21 . 2012-10-12 17:00 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-12 17:00 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-02 22:21 . 2012-10-12 17:00 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-12 17:00 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-02 22:21 . 2012-10-12 17:00 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-02 22:21 . 2012-10-12 17:00 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-02 22:21 . 2012-10-12 17:00 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-02 22:21 . 2012-10-12 17:00 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-02 22:21 . 2012-10-12 17:00 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-02 22:21 . 2012-10-12 17:00 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-02 22:21 . 2012-10-12 17:00 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-02 22:21 . 2012-02-10 04:43 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-02 22:21 . 2011-08-12 02:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-02 22:21 . 2009-09-28 05:12 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-02 19:51 . 2011-01-08 02:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2011-01-08 02:49 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2011-07-03 22:35 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:50 . 2011-01-08 02:48 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2011-01-08 02:48 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:50 . 2009-08-17 08:39 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-10-02 17:09 . 2011-03-28 01:59 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-30 02:54 . 2011-03-22 04:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-20 22:02 . 2012-09-20 22:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL 2012-09-18 17:27 . 2012-09-18 17:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-18 17:27 . 2012-09-18 17:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-10 16:46 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 16:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 16:49 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 04:03 . 2010-10-25 03:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 18:03 . 2012-10-10 16:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 16:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-10 16:47 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 16:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-23 03:58 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 03:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 03:58 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 03:58 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 03:58 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 03:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 03:58 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 03:58 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 03:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 03:58 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 03:58 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 03:58 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 03:58 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 03:58 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 03:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 03:58 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 03:58 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 03:58 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 03:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 03:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 03:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 03:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 11:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 11:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 11:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 11:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 15:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 19:01 . 2012-09-19 14:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 19:01 . 2009-10-11 04:38 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 19:01 . 2009-10-11 04:38 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48 . 2012-10-10 16:48 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 16:48 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 16:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 16:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 16:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 16:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 16:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 16:48 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 16:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-09-27 35840] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1255736] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256] S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2009-10-23 1462304] S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-03-11 24560] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/05/12 21:11];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-13 05:08 146928] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672] S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-05 1342064] . . --- Other Services/Drivers In Memory --- . *Deregistered* - Avgtdia . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-01-19 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2012-11-08 22:05 1604632 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.5\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:39] . 2012-11-09 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-09 23:50] . 2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . 2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\update TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E167CDFB-4221-440A-A4B5-7D92B3536C51}: DhcpNameServer = 10.0.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.032" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.abr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.amr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ani" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.apd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.art\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.art" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.arw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bay" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bwf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.caf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cdda" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cel" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.crw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cs1" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cur" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dib" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djvu" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dng" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.emf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.eps" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.erf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.flc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fli" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gsm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.hdr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icn" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ico" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.int" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.inta" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iw4" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2c" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2k" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jfif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jp2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpe" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpeg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpk" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kar" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kdc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.lbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m15" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m1a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m2a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m4a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4b" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4p" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m75" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mag\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mag" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mos" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mpv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.orf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pct" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pgm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pic" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pics" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pict" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pix" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.png" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ppm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qcp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qtpf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ras" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgba" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rle" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rsb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rw2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rwl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sdv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sfil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sgi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sml" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.swa" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tga" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.thm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tiff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ulw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30po" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30ppf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.vfw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wmf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
  12. Combofix seemed to run properly and it rebooted the computer then finished and created the log file: ComboFix 12-11-12.03 - Mark 11/12/2012 21:53:45.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2345 [GMT -7:00] Running from: c:\users\Mark\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mark\g2mdlhlpx.exe c:\windows\msvcr71.dll F:\install.exe I:\Autorun.inf . Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache86\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 ))))))))))))))))))))))))))))))) . . 2012-11-13 04:59 . 2012-11-13 04:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-13 04:59 . 2012-11-13 04:59 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-13 04:59 . 2012-11-13 04:59 -------- d-----w- c:\users\Melissa\AppData\Local\temp 2012-11-13 04:59 . 2012-11-13 04:59 -------- d-----w- c:\users\Kim\AppData\Local\temp 2012-11-13 04:59 . 2012-11-13 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-13 04:59 . 2012-11-13 04:59 -------- d-----w- c:\users\Carol\AppData\Local\temp 2012-11-12 04:52 . 2012-11-12 04:52 -------- d-----w- C:\_OTL 2012-11-09 16:03 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-11-09 16:03 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-11-09 16:03 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-11-09 16:03 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-11-09 16:03 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-11-09 16:03 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-11-09 16:03 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-11-09 16:03 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr 2012-11-09 16:03 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-11-09 16:03 . 2012-11-09 16:03 -------- d-----w- c:\programdata\AVAST Software 2012-11-09 16:03 . 2012-11-09 16:03 -------- d-----w- c:\program files\AVAST Software 2012-11-08 17:01 . 2012-11-11 21:42 -------- d-s---w- c:\users\Mark\Google Drive 2012-11-08 16:59 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B885F40-4677-4467-829A-CFFFEEF83817}\mpengine.dll 2012-11-07 13:47 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-27 13:27 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui 2012-10-27 13:27 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2012-10-27 13:27 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2012-10-27 13:27 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2012-10-20 07:51 . 2012-10-02 17:09 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{453CF2FE-6256-414E-B5E5-58DD4C8C1A05}\gapaengine.dll 2012-10-17 16:54 . 2012-09-25 05:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-07 17:39 . 2012-03-29 13:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 17:39 . 2011-05-15 04:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-11 04:30 . 2009-12-12 13:11 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-02 22:21 . 2012-10-12 17:00 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-02 22:21 . 2012-10-12 17:00 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-02 22:21 . 2012-10-12 17:00 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-02 22:21 . 2012-10-12 17:00 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-02 22:21 . 2012-10-12 17:00 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-02 22:21 . 2012-10-12 17:00 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-02 22:21 . 2012-10-12 17:00 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-02 22:21 . 2012-10-12 17:00 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-12 17:00 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-02 22:21 . 2012-10-12 17:00 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-12 17:00 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-02 22:21 . 2012-10-12 17:00 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-02 22:21 . 2012-10-12 17:00 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-02 22:21 . 2012-10-12 17:00 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-02 22:21 . 2012-10-12 17:00 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-02 22:21 . 2012-10-12 17:00 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-02 22:21 . 2012-10-12 17:00 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-02 22:21 . 2012-10-12 17:00 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-02 22:21 . 2012-02-10 04:43 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-02 22:21 . 2011-08-12 02:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-02 22:21 . 2009-09-28 05:12 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-02 19:51 . 2011-01-08 02:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2011-01-08 02:49 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2011-07-03 22:35 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:50 . 2011-01-08 02:48 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2011-01-08 02:48 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:50 . 2009-08-17 08:39 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-10-02 17:09 . 2011-03-28 01:59 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-30 02:54 . 2011-03-22 04:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-20 22:02 . 2012-09-20 22:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL 2012-09-18 17:27 . 2012-09-18 17:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-18 17:27 . 2012-09-18 17:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-10 16:46 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 16:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 16:49 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 04:03 . 2010-10-25 03:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 18:03 . 2012-10-10 16:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 16:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-10 16:47 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 16:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-23 03:58 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 03:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 03:58 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 03:58 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 03:58 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 03:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 03:58 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 03:58 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 03:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 03:58 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 03:58 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 03:58 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 03:58 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 03:58 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 03:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 03:58 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 03:58 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 03:58 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 03:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 03:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 03:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 03:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 11:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 11:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 11:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 11:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 15:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 19:01 . 2012-09-19 14:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 19:01 . 2009-10-11 04:38 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 19:01 . 2009-10-11 04:38 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48 . 2012-10-10 16:48 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 16:48 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 16:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 16:48 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 16:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 16:48 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 16:48 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 16:48 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 16:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-09-27 35840] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4183.tmp [x] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x] R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 Normandy;Normandy SR2; [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1255736] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256] S0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\DRIVERS\tdrpm228.sys [2009-10-23 1462304] S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-03-11 24560] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/05/12 21:11];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-13 05:08 146928] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656] S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672] S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-05 1342064] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - Avgtdia . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-01-19 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2012-11-08 22:05 1604632 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.5\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:39] . 2012-11-09 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-09 23:50] . 2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . 2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 15:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-10-25 22:45 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\update TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E167CDFB-4221-440A-A4B5-7D92B3536C51}: DhcpNameServer = 10.0.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\4183.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.032" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.abr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.amr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ani" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.apd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.art\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.art" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.arw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bay" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bwf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.caf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cdda" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cel" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.crw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cs1" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cur" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dib" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djvu" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dng" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.emf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.eps" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.erf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.flc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fli" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gsm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.hdr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icn" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ico" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.int" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.inta" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iw4" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2c" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2k" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jfif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jp2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpe" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpeg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpg" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpk" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kar" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kdc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.lbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m15" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m1a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m2a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (S-1-5-21-3966502806-3752072180-1350753476-1000) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m4a" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4b" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m4p" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.m75" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mag\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mag" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mos" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mpv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nrw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.orf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbr" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pct" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcx" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pef" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pgm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pic" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pics" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pict" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pix" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.png" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ppm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psd" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qcp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.qtpf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ras" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgba" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rle" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rsb" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rw2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rwl" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sdv" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sfil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sgi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smi" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.smil" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sml" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sr2" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.swa" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tga" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.thm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tiff" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttc" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ulw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30po" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.v30ppf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.vfw" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wmf" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xbm" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xif" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xmp" . [HKEY_USERS\S-1-5-21-3966502806-3752072180-1350753476-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\&
  13. One thing it is doing now is running a backup in progress. When I hover over the flag icon on the lower right it is showing a little clock and says backup in progress. The last backup was November 5 so this would be the weekly backup that would have run earlier today if it was on. Should I let it proceed or try to cancel it somehow? I am thinking to just let it run if it won't do any harm, although I suppose it will overwrite the previous one. Thanks.
  14. Hooray! I had the ethernet network cable disconnected and booted up using the last known good configuration, and it has booted successfully. I have not tried anything else yet, and I am unsure now what to do, i.e. should I somehow save this configuration before proceeding? Should I restart it again? Should I try to reboot it with the ethernet network cable connected? Note I saw something different this time in booting up: earlier the small network connection icon in the lower right of the screen whould have a small red x and a little circle would go around and around on the icon like it was trying to make a connection, then it would crash. This time it did not do this, just the icon and a red x on it. Perhaps whatever was causing it to crash was creating or was a result of the circle indicator on the network icon also? Thanks for your good help and I will just leave it up and running now until I hear a reply from you on the next step. I would not wish to go backwards at this point if I can help it.
  15. Under the Advanced Boot Menu I have the following options: Repair Your Computer Safe Mode Safe Mode with Networking Safe Mode with Command Prompt Enable Boot Logging Enable low-resolution video (640 x 480) Last Known Good Configuration (advanced) Directory Services Restore Mode Debugging Mode Disable automatic restart on system failure Disable Driver Signature Start Windows Normally Thanks for your reply and I hope these will be useful.