ComboFix 12-02-17.02 - Lori Admin 02/17/2012 11:49:30.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2351 [GMT -5:00] Running from: c:\users\Lori Admin\Desktop\ComboFix.exe AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Lori Admin\AppData\Local\assembly\tmp c:\users\Lori Admin\AppData\Roaming\Adobe\shed c:\users\Lori Admin\AppData\Roaming\ldr.ini c:\users\Lori Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Cloud AV c:\users\Lori Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Cloud AV\Open Cloud AV.lnk c:\users\Lori Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9qkjaw0.default\searchplugins\bing-zugo.xml c:\users\Lori Admin\AppData\Roaming\U2iiibF3pnG5aHdOpen Cloud AV.ico c:\windows\$NtUninstallKB9385$ c:\windows\$NtUninstallKB9385$\1390840240\@ c:\windows\$NtUninstallKB9385$\1390840240\bckfg.tmp c:\windows\$NtUninstallKB9385$\1390840240\cfg.ini c:\windows\$NtUninstallKB9385$\1390840240\Desktop.ini c:\windows\$NtUninstallKB9385$\1390840240\kwrd.dll c:\windows\$NtUninstallKB9385$\1390840240\L\qnbwvoto c:\windows\$NtUninstallKB9385$\1390840240\lsflt7.ver c:\windows\$NtUninstallKB9385$\1390840240\U\00000001.@ c:\windows\$NtUninstallKB9385$\1390840240\U\00000002.@ c:\windows\$NtUninstallKB9385$\1390840240\U\80000000.@ c:\windows\$NtUninstallKB9385$\1390840240\U\80000032.@ c:\windows\$NtUninstallKB9385$\37362353 c:\windows\system32\7BB4.tmp c:\windows\system32\8566.tmp c:\windows\system32\C84E.tmp c:\windows\system32\GroupPolicy\Machine\Registry.pol c:\windows\system32\ijl11.dll c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_MEMSWEEP2 . . ((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 ))))))))))))))))))))))))))))))) . . 2012-02-16 00:39 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-02-14 17:02 . 2012-02-14 17:02 -------- d-----w- c:\programdata\Kaspersky Lab 2012-02-14 00:19 . 2012-02-14 00:19 -------- d-----w- c:\program files\WinPcap 2012-02-10 05:02 . 2012-02-10 05:03 -------- d-----w- c:\programdata\Protexis 2012-02-10 04:57 . 2012-02-10 04:57 -------- d-----w- c:\users\Lori Admin\AppData\Local\Corel PaintShop Pro 2012-02-10 04:53 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2012-01-21 17:20 . 2011-01-07 19:39 768848 ----a-w- c:\windows\system32msvcr100.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-17 13:14 . 2011-05-24 21:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-10 05:11 . 2009-07-11 14:25 8354 --sha-w- c:\programdata\KGyGaAvL.sys 2012-01-12 19:52 . 2012-02-16 00:39 2044416 ----a-w- c:\windows\system32\win32k.sys 2011-12-14 16:17 . 2012-02-16 00:39 680448 ----a-w- c:\windows\system32\msvcrt.dll 2011-12-14 02:57 . 2012-02-16 08:10 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-25 15:59 . 2012-01-11 08:37 376320 ----a-w- c:\windows\system32\winsrv.dll 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2012-02-17 13:21 . 2011-06-04 17:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-07-25 2585408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 13797992] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-02 129304] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672] "Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184] . c:\users\Lori Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] _uninst_20367289.lnk - c:\users\Lori Admin\AppData\Local\Temp\_uninst_20367289.bat [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-13 809488] Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless] 2010-09-30 07:09 533952 ----a-w- c:\program files\Adobe\Elements 9 Organizer\CAHeadless\ElementsAutoAnalyzer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection] 2011-04-27 14:38 404664 ----a-w- c:\program files\FUJIFILM\MyFinePix Studio\dd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService] 2009-06-24 04:08 55808 ----a-w- c:\program files\DYMO\DYMO Label Software\DLSService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby] 2010-04-14 20:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 03:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 21:54] . 2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 21:54] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://search.myheritage.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: scouting.org\scoutnet TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Lori Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y9qkjaw0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e4fe2d3&v=7.008.031.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q= FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-AdobeBridge - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat AddRemove-WT074873 - c:\program files\HP Games\Wedding Dash - Ready . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.032" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.abr" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.amr" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ani" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.apd" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.arw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bay" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bmp" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.bw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bwf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cel" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cr2" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.crw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cs1" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.cur" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcr" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dcx" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dib" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djv" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.djvu" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.dng" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.emf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.eps" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.erf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fff" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.flc" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fli" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.fpx" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.gif" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.gsm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.hdr" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icl" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.icn" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ico" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iff" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.int" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.inta" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.iw4" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2c" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.j2k" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jbr" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jfif" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jif" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jp2" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpc" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpe" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpeg" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpg" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpk" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.jpx" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.kar" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.kdc" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.lbm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m15" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m1a" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m2a" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m4b" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m4v" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m75" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mef" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mos" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mpv" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.mrw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nef" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.nrw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.orf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pbr" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcd" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pct" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pcx" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pef" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pgm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pic" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pics" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pict" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pix" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.png" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ppm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psd" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.psp" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.qcp" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.qtpf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ras" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.raw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgb" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rgba" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rle" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rsb" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rw2" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.rwl" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sdv" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sfil" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sgi" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.smf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.smi" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.smil" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sml" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.sr2" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.srf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.swa" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tga" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.thm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tif" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-1126565441-3387605670-4205507421-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.tiff" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttc" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.ttf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ulw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.vfw" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wbmp" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.wmf" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xbm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xif" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 12.xpm" . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BB971689-3D21-3708-FBB4-4692344C6333}*] "oafckjobcaaoaldhhdlndmabkofanc"=hex:6a,61,69,6b,69,65,67,68,68,6f,69,64,6b,6f, 6b,61,62,63,65,65,00,00 "nadcjhndcaelkfbdflbkkhcekdcl"=hex:6a,61,6a,6b,6a,62,66,65,6a,69,6f,69,66,68, 6f,67,69,62,64,62,00,fa "jaldakkaejnjbmcgomkm"=hex:6a,61,6a,6b,6a,62,66,65,6a,69,6f,69,66,68,6f,67,69, 62,64,62,00,00 "abjambliolfdmnipgblkhcckfgnkplfdpl"=hex:6f,61,64,63,70,68,69,6d,67,66,66,61, 6f,6f,65,6e,65,67,66,66,6e,63,67,66,61,62,65,66,69,69,00,00 "pajambliolfdmnipgblkhcckfgalmodn"=hex:6f,61,6e,63,6c,6a,69,68,61,6c,64,65,70, 62,62,64,6a,6d,64,6f,68,62,66,6b,64,6b,64,6f,6b,69,00,00 . [HKEY_USERS\S-1-5-21-1126565441-3387605670-4205507421-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Enroute Imaging\QuickStitch\¯*  "!] @Allowed: (Read) (RestrictedCode) "NumOfRun"="2" . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3892) c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\agent.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Trend Micro\AMSP\coreServiceShell.exe c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\windows\system32\nlssrv32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Trend Micro\RUBotted\RUBotSrv.exe c:\program files\Microsoft Application Virtualization Client\sftvsa.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Microsoft Application Virtualization Client\sftlist.exe c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\windows\RtHDVCpl.exe c:\windows\ehome\ehmsas.exe c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\TechSmith\Snagit 10\TSCHelp.exe c:\program files\TechSmith\Snagit 10\SnagPriv.exe c:\hp\kbd\kbd.exe c:\program files\TechSmith\Snagit 10\snagiteditor.exe . ************************************************************************** . Completion time: 2012-02-17 12:24:02 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-17 17:23 . Pre-Run: 111,215,288,320 bytes free Post-Run: 111,335,325,696 bytes free . - - End Of File - - D012C75AEB0A302C432543A0D4A3F49D