ComboFix 16-03-01.01 - Ahlaway 03/05/2016 0:50.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.20.1033.18.2005.1238 [GMT 2:00]
Running from: c:\users\Ahlaway\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2016-02-04 to 2016-03-04 )))))))))))))))))))))))))))))))
.
.
2016-03-04 22:55 . 2016-03-04 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-04 17:40 . 2016-03-04 17:40 -------- d-----w- c:\users\Ahlaway\AppData\Roaming\Tencent
2016-03-04 17:40 . 2016-03-04 17:40 -------- d-----w- c:\program files\Tencent
2016-03-04 16:33 . 2016-03-04 17:45 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-04 16:32 . 2015-10-05 07:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-04 16:32 . 2015-10-05 07:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-04 16:32 . 2015-10-05 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-04 16:32 . 2016-03-04 16:32 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-03-04 16:32 . 2016-03-04 16:32 -------- d-----w- c:\programdata\Malwarebytes
2016-03-04 16:19 . 2016-03-04 16:23 -------- d-----w- C:\AdwCleaner
2016-03-04 00:19 . 2016-03-04 17:46 -------- d-----w- c:\users\Ahlaway\AppData\Roaming\ZHP
2016-03-03 00:09 . 2016-03-03 00:09 -------- d-----w- c:\users\Ahlaway\AppData\Roaming\HD Tune Pro
2016-03-03 00:09 . 2016-03-03 00:09 -------- d-----w- c:\program files\HD Tune Pro
2016-02-21 17:31 . 2016-02-21 17:31 -------- d-----w- c:\users\Ahlaway\AppData\Roaming\mkvtoolnix
2016-02-21 17:31 . 2016-02-21 17:31 -------- d-----w- c:\program files\MKVToolNix
2016-02-21 17:21 . 2016-02-21 17:21 -------- d-----w- c:\program files\URUSoft
2016-02-15 00:08 . 2016-02-15 00:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BB8C920-4B4C-44CA-9D34-4B96815DD509}\offreg.420.dll
2016-02-12 00:32 . 2016-02-12 00:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BB8C920-4B4C-44CA-9D34-4B96815DD509}\offreg.1864.dll
2016-02-11 08:28 . 2016-03-03 00:10 -------- d-----w- c:\program files\CardRecovery
2016-02-10 22:50 . 2016-02-10 23:04 -------- d-----w- c:\users\Ahlaway\AppData\Local\Google
2016-02-04 02:36 . 2016-02-04 02:36 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BB8C920-4B4C-44CA-9D34-4B96815DD509}\offreg.1324.dll
2016-02-04 01:23 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2016-02-04 01:23 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2016-02-04 01:22 . 2016-02-04 01:22 -------- d-----w- c:\program files\Microsoft ActiveSync
2016-02-04 01:22 . 2016-02-04 01:22 -------- d-----w- c:\windows\PCHEALTH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-10 01:05 . 2016-01-15 00:38 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-10 01:05 . 2016-01-15 00:38 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-26 00:15 . 2016-01-26 00:15 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BB8C920-4B4C-44CA-9D34-4B96815DD509}\offreg.5940.dll
2016-01-15 00:24 . 2016-01-15 00:24 728858 ----a-w- c:\program files\Common Files\unins000.exe
2016-01-15 00:19 . 2016-01-15 00:20 1187697 ----a-w- c:\windows\unins000.exe
2016-01-15 00:18 . 2016-01-15 00:15 73480 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-01-15 00:18 . 2016-01-15 00:15 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-01-15 00:18 . 2016-01-15 00:15 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-01-15 00:15 . 2016-01-15 00:15 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-01-15 00:15 . 2016-01-15 00:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-01-15 00:15 . 2016-01-15 00:15 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-01-15 00:15 . 2016-01-15 00:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-01-15 00:15 . 2016-01-15 00:15 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-01-15 00:15 . 2016-01-15 00:15 291352 ----a-w- c:\windows\system32\aswBoot.exe
2016-01-15 00:15 . 2016-01-15 00:15 43152 ----a-w- c:\windows\avastSS.scr
2016-01-15 00:14 . 2016-01-15 00:15 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-01-15 00:14 . 2016-01-15 00:14 271288 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-12-16 08:15 . 2016-01-15 01:02 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BB8C920-4B4C-44CA-9D34-4B96815DD509}\mpengine.dll
2008-03-09 05:25 . 2016-01-15 00:25 236 ---ha-w- c:\program files\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-01-15 00:15 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-10-08 3911248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-01-15 5227648]
"ACPW07EN"="c:\program files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe" [2013-09-25 1414984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-01-15 91496]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [2015-07-22 509408]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2016-01-15 271288]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-01-15 26136]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-01-15 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-01-15 423784]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-01-15 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-01-15 73480]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2016-01-15 104416]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-06-12 123968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-15 01:05]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Ahlaway\AppData\Roaming\Mozilla\Firefox\Profiles\y2es4rt5.default\
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile=c:\program files\Win32Pad\win32pad.exe "%L"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.032"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.abr"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.ani"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.apd"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.arw"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.bay"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.bmp"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.cr2"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.crw"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.cs1"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.cur"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.dcr"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.dcx"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.dib"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.djv"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.djvu"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.dng"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.emf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.eps"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.erf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.fff"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.gif"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.hdr"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.icl"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.icn"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.iw4"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.j2c"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.j2k"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jbr"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jfif"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jif"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jp2"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jpc"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jpe"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jpeg"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jpg"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jpk"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.jpx"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.kdc"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.mef"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.mos"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.mrw"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.nef"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.nrw"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.orf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pbr"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pct"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pcx"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pef"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pic"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pict"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.png"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.psd"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.psp"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pspbrush"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.pspimage"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.raf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3744362799-3686997042-332574508-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.rle"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.rw2"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.rwl"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.sr2"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.srf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.srw"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.tga"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.thm"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.tif"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.tiff"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.ttc"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.ttf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v70po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.v70po"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v70pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.v70pp"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v70ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.v70ppf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.wbm"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.wbmp"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.webp"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.wmf"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.xif"
.
[HKEY_USERS\S-1-5-21-3744362799-3686997042-332574508-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 7.xmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-05 00:56:53
ComboFix-quarantined-files.txt 2016-03-04 22:56
.
Pre-Run: 18,027,581,440 bytes free
Post-Run: 18,160,873,472 bytes free
.
- - End Of File - - FAEFEF9869B64945670181B8F583AC2D 467AF24549A15774C15EB4AEB96BD0A1