
Music playing in background, take a look at my log!

Discussion in 'Virus & Other Malware Removal' started by iShazz, May 29, 2012.

  1. iShazz

    iShazz Thread Starter

    This is from regcleaner. I have all 4 logs, but I'm not sure which one needs to be looked at.

    Filetypes:
    Code:
    .386, Vxdfile
    .3g2, QuickTime.3g2
    .3gp, QuickTime.3gp
    .3gp2, QuickTime.3gp2
    .3gpp, QuickTime.3gpp
    .7z, WinZip
    .a, N/A
    .aac, QuickTime.aac
    .ac3, QuickTime.ac3
    .accdt, N/A
    .acl, ACLFile
    .acrobatsecuritysettings, AcroExch.acrobatsecuritysettings
    .adt, WMP11.AssocFile.ADTS
    .adts, QuickTime.adts
    .ai, N/A
    .aif, QuickTime.aif
    .aifc, QuickTime.aifc
    .aiff, QuickTime.aiff
    .amc, QuickTime.amc
    .amr, N/A
    .ani, Anifile
    .ans, N/A
    .api, AcroExch.Plugin
    .application, Application.Manifest
    .appref-ms, Application.Reference
    .aps, N/A
    .art, N/A
    .arw, N/A
    .asa, Aspfile
    .asc, N/A
    .ascx, N/A
    .asf, WMP11.AssocFile.ASF
    .asm, N/A
    .asmx, N/A
    .asp, Aspfile
    .aspx, N/A
    .asx, WMP11.AssocFile.ASX
    .au, WMP11.AssocFile.AU
    .avi, Divx_avi_file
    .aw, AWFile
    .b64, WinZip
    .bas, N/A
    .bat, Batfile
    .bcp, N/A
    .bhx, WinZip
    .bin, N/A
    .bkf, N/A
    .blg, Diagnostic.Perfmon.Document
    .blogthis, WindowsLiveWriter.BlogThis.1
    .bmp, Paint.Picture
    .bsc, N/A
    .bwf, N/A
    .bz, WinZip
    .bz2, WinZip
    .c, N/A
    .c2r, MediaCenter.C2R
    .cab, WinZip
    .caf, QuickTime.caf
    .camp, Campfile
    .cat, CATFile
    .cc, N/A
    .cda, WMP11.AssocFile.CDA
    .cdda, QuickTime.cdda
    .cdmp, Cdmpfile
    .cdx, Aspfile
    .cel, N/A
    .cer, CERFile
    .cgm, N/A
    .ChessTitansSave-ms, MicrosoftChessTitansSaveFile
    .chk, Chkfile
    .chm, Chm.file
    .cls, N/A
    .cmd, Cmdfile
    .cod, N/A
    .com, Comfile
    .ComfyCakesSave-ms, MicrosoftComfyCakesSaveFile
    .compositefont, Windows.CompositeFont
    .contact, Contact_wab_auto_file
    .cpl, Cplfile
    .cpp, N/A
    .cr2, N/A
    .crd, Microsoft.InformationCard
    .crds, Microsoft.WindowsCardSpaceBackup
    .crl, CRLFile
    .crt, CERFile
    .crtx, CRTXFile
    .crw, N/A
    .cs, N/A
    .csa, N/A
    .csproj, N/A
    .css, CSSfile
    .csv, Excel.CSV
    .cur, Curfile
    .cxx, N/A
    .db, Dbfile
    .dbg, N/A
    .dbs, N/A
    .dcr, N/A
    .dct, N/A
    .def, N/A
    .der, CERFile
    .desklink, Clsid\{9e56be61-c50f-11cf-9a2c-00a0c90a90ce}
    .det, Outlook.File.det.14
    .diagcab, Diagnostic.Cabinet
    .diagcfg, Diagnostic.Config
    .diagpkg, Diagnostic.Document
    .dib, Paint.Picture
    .dic, Txtfile
    .dif, QuickTime.dif
    .dir, N/A
    .disabled, SpybotSD.DisabledFile
    .div, Divx_div_file
    .divx, Divx_divx_file
    .diz, N/A
    .dl_, N/A
    .dll, Dllfile
    .dng, N/A
    .doc, Word.Document.8
    .dochtml, Wordhtmlfile
    .docm, Word.DocumentMacroEnabled.12
    .docmhtml, Wordmhtmlfile
    .docx, Word.Document.12
    .docxml, Wordxmlfile
    .dos, N/A
    .dot, Word.Template.8
    .dothtml, Wordhtmltemplate
    .dotm, Word.TemplateMacroEnabled.12
    .dotx, Word.Template.12
    .dqy, Dqyfile
    .drv, Drvfile
    .dsn, Msdasql
    .dsp, N/A
    .dsw, N/A
    .dv, QuickTime.dv
    .dvr, MediaCenter.DVR
    .dvr-ms, MediaCenter.DVR-MS
    .dwfx, Windows.XPSReachViewer
    .dxr, N/A
    .dzm, Dzmfile
    .dzp, Dzpfile
    .dzt, Dztfile
    .easmx, Windows.XPSReachViewer
    .edrwx, Windows.XPSReachViewer
    .elm, ELMFile
    .emf, Emffile
    .eml, Outlook.File.eml.14
    .eprtx, Windows.XPSReachViewer
    .eps, N/A
    .erf, N/A
    .etp, N/A
    .evt, Evtfile
    .evtx, Evtxfile
    .ex_, N/A
    .exc, Txtfile
    .exe, Exefile
    .exif, N/A
    .exp, N/A
    .ext, N/A
    .eyb, N/A
    .faq, N/A
    .fdf, AcroExch.FDFDoc
    .fdm, Outlook.File.fdm.14
    .fif, N/A
    .fky, N/A
    .flc, N/A
    .fli, N/A
    .flv, N/A
    .fnd, N/A
    .fnt, N/A
    .fon, Fonfile
    .FreeCellSave-ms, MicrosoftFreeCellSaveFile
    .gadget, Windows.gadget
    .gcsx, GCSXFile
    .ghi, N/A
    .gif, Giffile
    .glox, GLOXFile
    .gmmp, Gmmpfile
    .gqsx, GQSXFile
    .gra, MSGraph.Chart.8
    .group, Group_wab_auto_file
    .grp, MSProgramGroup
    .gsm, QuickTime.gsm
    .gz, WinZip
    .h, N/A
    .h1c, H1cfile
    .h1d, H1dfile
    .h1f, H1ffile
    .h1h, H1hfile
    .h1k, H1kfile
    .h1q, H1qfile
    .h1s, H1sfile
    .h1t, H1tfile
    .h1v, H1vfile
    .h1w, H1wfile
    .hdp, N/A
    .HeartsSave-ms, MicrosoftHeartsSaveFile
    .hhc, N/A
    .hlp, Hlpfile
    .hol, Outlook.File.hol.14
    .hpp, N/A
    .hqx, WinZip
    .hta, Htafile
    .htm, FirefoxHTML
    .html, FirefoxHTML
    .htt, N/A
    .htw, N/A
    .htx, N/A
    .hxa, MSHelp.hxa.2.5
    .hxc, MSHelp.hxc.2.5
    .hxd, MSHelp.hxd.2.5
    .hxe, MSHelp.hxe.2.5
    .hxf, MSHelp.hxf.2.5
    .hxh, MSHelp.hxh.2.5
    .hxi, MSHelp.hxi.2.5
    .hxk, MSHelp.hxk.2.5
    .hxq, MSHelp.hxq.2.5
    .hxr, MSHelp.hxr.2.5
    .hxs, MSHelp.hxs.2.5
    .hxt, MSHelp.hxt.2.5
    .hxv, MSHelp.hxv.2.5
    .hxw, MSHelp.hxa.2.5
    .hxx, N/A
    .i, N/A
    .ibq, N/A
    .icc, Icmfile
    .icl, IconLibraryFile
    .icm, Icmfile
    .ico, Icofile
    .icon, N/A
    .ics, Outlook.File.ics.14
    .idl, N/A
    .idq, N/A
    .ilk, N/A
    .imc, N/A
    .img, WinZip
    .in_, N/A
    .inc, N/A
    .inf, Inffile
    .ini, Inifile
    .inl, N/A
    .inv, N/A
    .inx, N/A
    .iqy, Iqyfile
    .iso, WinZip
    .ivf, N/A
    .jav, N/A
    .java, N/A
    .jbf, N/A
    .jfif, Pjpegfile
    .Job, JobObject
    .jod, Microsoft.Jet.OLEDB.4.0
    .jp2, N/A
    .jpe, Jpegfile
    .jpeg, Jpegfile
    .jpg, Jpegfile
    .js, JSFile
    .jse, JSEFile
    .jtx, Windows.XPSReachViewer
    .k3g, N/A
    .kar, N/A
    .kci, N/A
    .kdc, N/A
    .label, Label
    .latex, N/A
    .lex, LEXFile
    .lgn, N/A
    .lha, WinZip
    .lib, N/A
    .library-ms, LibraryFolder
    .lnk, Lnkfile
    .local, N/A
    .log, Txtfile
    .lst, N/A
    .lzh, WinZip
    .lzs, N/A
    .m14, N/A
    .m15, N/A
    .m1a, N/A
    .m1s, N/A
    .m1v, WMP11.AssocFile.MPEG
    .m2t, WMP11.AssocFile.M2TS
    .m2ts, WMP11.AssocFile.M2TS
    .m2v, WMP11.AssocFile.MPEG
    .m3u, WMP11.AssocFile.m3u
    .m3url, N/A
    .m4a, QuickTime.m4a
    .m4b, QuickTime.m4b
    .m4p, QuickTime.m4p
    .m4v, QuickTime.m4v
    .m75, N/A
    .mac, QuickTime.mac
    .MahjongTitansSave-ms, MicrosoftMahjongTitansSaveFile
    .mak, N/A
    .man, N/A
    .manifest, N/A
    .mapimail, Clsid\{9e56be60-c50f-11cf-9a2c-00a0c90a90ce}
    .mcl, MediaCenter.MCL
    .mfp, MacromediaFlashPaper.MacromediaFlashPaper
    .mgc, MediaCatalogMGC
    .mht, Mhtmlfile
    .mhtml, Mhtmlfile
    .mid, WMP11.AssocFile.MIDI
    .midi, WMP11.AssocFile.MIDI
    .mig, Migfile
    .mim, WinZip
    .mime, N/A
    .MinesweeperSave-ms, MicrosoftMinesweeperSaveFile
    .mk, N/A
    .mkv, Divx_mkv_file
    .mlc, LpkSetup.1
    .mmf, N/A
    .mml, MediaCatalogMML
    .mmw, MediaCatalogMMW
    .mod, WMP11.AssocFile.MPEG
    .mov, QuickTime.mov
    .movie, N/A
    .mp2, WMP11.AssocFile.MP3
    .mp2v, WMP11.AssocFile.MPEG
    .mp3, WMP11.AssocFile.MP3
    .mp4, QuickTime.mp4
    .mp4v, WMP11.AssocFile.MP4
    .mpa, WMP11.AssocFile.MPEG
    .mpe, WMP11.AssocFile.MPEG
    .mpeg, WMP11.AssocFile.MPEG
    .mpf, MediaPackageFile
    .mpg, WMP11.AssocFile.MPEG
    .mpm, N/A
    .mpv, N/A
    .mpv2, WMP11.AssocFile.MPEG
    .mqv, QuickTime.mqv
    .mrw, N/A
    .msc, MSCFile
    .msdvd, N/A
    .msg, Outlook.File.msg.14
    .msi, Msi.Package
    .msp, Msi.Patch
    .msrcincident, RemoteAssistance.1
    .msstyles, Msstylesfile
    .msu, Microsoft.System.Update.1
    .mswmm, N/A
    .mts, WMP11.AssocFile.M2TS
    .mv, N/A
    .mydocs, CLSID\{ECF03A32-103D-11d2-854D-006008059367}
    .ncb, N/A
    .nef, N/A
    .nfo, MSInfoFile
    .nk2, Outlook.File.nk2.14
    .nvr, N/A
    .nws, WindowsLiveMail.News.1
    .obj, N/A
    .oc_, N/A
    .ocx, Ocxfile
    .odc, Odcfile
    .odccubefile, Odccubefile
    .odcdatabasefile, Odcdatabasefile
    .odcnewfile, Odcnewfile
    .odctablefile, Odctablefile
    .odh, N/A
    .odl, N/A
    .odp, PowerPoint.OpenDocumentPresentation.12
    .ods, Excel.OpenDocumentSpreadsheet.12
    .odt, Word.OpenDocumentText.12
    .ofs, Outlook.File.ofs.14
    .oft, Outlook.File.oft.14
    .ogg, N/A
    .one, OneNote.Section.1
    .onepkg, OneNote.Package
    .onetoc, OneNote.TableOfContents
    .onetoc2, OneNote.TableOfContents.12
    .opc, OPCFile
    .oqy, Oqyfile
    .orf, N/A
    .osdx, Opensearchdescription
    .ost, Outlook.File.ost.14
    .otf, Otffile
    .otm, Outlook.File.otm.14
    .ova, VMware.OVAPackage
    .ovf, VMware.OVFPackage
    .p10, P10File
    .p12, PFXFile
    .p7b, SPCFile
    .p7c, Certificate_wab_auto_file
    .p7m, P7MFile
    .p7r, P7RFile
    .p7s, P7SFile
    .pab, Outlook.File.pab.14
    .partial, IE.AssocFile.PARTIAL
    .pbk, Pbkfile
    .pcb, PCBFile
    .pch, N/A
    .pct, QuickTime.pct
    .pdb, N/A
    .pdf, AcroExch.Document
    .pdfxml, AcroExch.pdfxml
    .pds, N/A
    .pdx, PDXFileType
    .pef, N/A
    .perfmoncfg, Diagnostic.Perfmon.Config
    .pfm, Pfmfile
    .pfx, PFXFile
    .php, Php_auto_file
    .php3, N/A
    .pic, QuickTime.pic
    .pict, QuickTime.pict
    .pif, Piffile
    .pko, PKOFile
    .pl, N/A
    .plg, N/A
    .plist, QuickTimePreferences
    .pma, N/A
    .pmc, N/A
    .pml, N/A
    .pmr, N/A
    .pnf, Pnffile
    .png, Pngfile
    .pnt, QuickTime.pnt
    .pntg, QuickTime.pntg
    .pot, PowerPoint.Template.8
    .pothtml, Powerpointhtmltemplate
    .potm, PowerPoint.TemplateMacroEnabled.12
    .potx, PowerPoint.Template.12
    .ppa, PowerPoint.Addin.8
    .ppam, PowerPoint.Addin.12
    .pps, PowerPoint.SlideShow.8
    .ppsm, PowerPoint.SlideShowMacroEnabled.12
    .ppsx, PowerPoint.SlideShow.12
    .ppt, PowerPoint.Show.8
    .ppthtml, Powerpointhtmlfile
    .pptm, PowerPoint.ShowMacroEnabled.12
    .pptmhtml, Powerpointmhtmlfile
    .pptx, PowerPoint.Show.12
    .pptxml, Powerpointxmlfile
    .prc, N/A
    .prf, Prffile
    .ps, N/A
    .ps1, Microsoft.PowerShellScript.1
    .ps1xml, Microsoft.PowerShellXMLData.1
    .psc1, Microsoft.PowerShellConsole.1
    .psd, Psd_auto_file
    .psd1, Microsoft.PowerShellData.1
    .psm1, Microsoft.PowerShellModule.1
    .pst, Outlook.File.pst.14
    .ptx, N/A
    .PurblePairsSave-ms, MicrosoftPurblePairsSaveFile
    .PurbleShopSave-ms, MicrosoftPurbleShopSaveFile
    .pwz, PowerPoint.Wizard.8
    .qcp, N/A
    .qds, SavedDsQuery
    .qht, QuickTime.qht
    .qhtm, QuickTime.qhtm
    .qpa, QuickTimePlayerAddition
    .qt, QuickTime.qt
    .qti, QuickTime.qti
    .qtif, QuickTime.qtif
    .qtl, QuickTime.qtl
    .qtp, QuickTimePreferences
    .qtr, QuickTimeResources
    .qts, QuickTimeSystem
    .qtx, QuickTimeExtension
    .raf, N/A
    .rar, WinZip
    .rat, Ratfile
    .rc, N/A
    .rc2, N/A
    .rct, N/A
    .rdp, RDP.File
    .reg, Regfile
    .rels, Xmlfile
    .res, N/A
    .resmoncfg, Diagnostic.Resmon.Config
    .rgb, N/A
    .rgs, N/A
    .rle, Rlefile
    .rll, Dllfile
    .rmi, WMP11.AssocFile.MIDI
    .rpc, N/A
    .rqy, Rqyfile
    .rsp, N/A
    .rss, WindowsLiveMail.Email.1
    .rtf, Word.RTF.8
    .rts, N/A
    .rtsp, N/A
    .rul, N/A
    .s, N/A
    .sbe, SpybotSD.SBEFile
    .sbi, SpybotSD.SBIFile
    .sbr, N/A
    .sbs, SpybotSD.SBSFile
    .sc2, N/A
    .scc, N/A
    .scd, N/A
    .scf, SHCmdFile
    .sch, N/A
    .scp, Txtfile
    .scr, Scrfile
    .sct, Scriptletfile
    .sd2, QuickTime.sd2
    .sdf, SQLServerCompactEditionDatabaseFile
    .sdp, QuickTime.sdp
    .sdv, N/A
    .searchConnector-ms, SearchConnectorFolder
    .search-ms, SearchFolder
    .secstore, AcroExch.SecStore
    .sed, N/A
    .sfcache, N/A
    .sgi, N/A
    .shtm, N/A
    .shtml, FirefoxHTML
    .sit, N/A
    .skm, N/A
    .skype, Skype.Content
    .sldm, PowerPoint.SlideMacroEnabled.12
    .sldx, PowerPoint.Slide.12
    .slk, Excel.SLK
    .slupkg-ms, N/A
    .smf, N/A
    .smi, N/A
    .smil, N/A
    .sml, N/A
    .snd, WMP11.AssocFile.AU
    .sol, N/A
    .SolitaireSave-ms, MicrosoftSolitaireSaveFile
    .sor, N/A
    .spc, SPCFile
    .SpiderSolitaireSave-ms, MicrosoftSpiderSolitaireSaveFile
    .spl, ShockwaveFlash.ShockwaveFlash
    .sql, N/A
    .sr_, N/A
    .sr2, N/A
    .srf, N/A
    .sst, CertificateStoreFile
    .stl, STLFile
    .stm, N/A
    .svg, Svgfile
    .swa, N/A
    .swf, ShockwaveFlash.ShockwaveFlash
    .sy_, N/A
    .sym, N/A
    .sys, Sysfile
    .tab, N/A
    .tar, WinZip
    .targa, N/A
    .taz, WinZip
    .tbz, WinZip
    .tbz2, WinZip
    .tdl, N/A
    .text, N/A
    .tga, N/A
    .tgz, WinZip
    .theme, Themefile
    .themepack, Themepackfile
    .thmx, OfficeTheme.12
    .tif, TIFImage.Document
    .tiff, TIFImage.Document
    .tix, Divx_tix_file
    .tlb, N/A
    .tlh, N/A
    .tli, N/A
    .tnfo, SpybotSD.TInfoFile
    .trg, N/A
    .ts, WMP11.AssocFile.TTS
    .tsp, N/A
    .tsv, N/A
    .ttc, Ttcfile
    .ttf, Ttffile
    .tts, WMP11.AssocFile.TTS
    .txt, Txtfile
    .tz, WinZip
    .udf, N/A
    .udl, Msdasc
    .udt, N/A
    .ulw, N/A
    .url, InternetShortcut
    .user, N/A
    .usr, N/A
    .uti, SpybotSD.UTIFile
    .uts, SpybotSD.UTSFile
    .uu, WinZip
    .uue, WinZip
    .uxdc, Uxdcfile
    .vbe, VBEFile
    .vbproj, N/A
    .vbs, VBSFile
    .vbx, N/A
    .vcf, Outlook.File.vcf.14
    .vcproj, N/A
    .vcs, Outlook.File.vcs.14
    .vdw, N/A
    .vdx, VisioViewer.Viewer
    .vfw, N/A
    .viw, N/A
    .vmdk, VMware.VirtualDisk
    .vmhf, VMware.Hotfix
    .vmhr, VMware.Hotfix.Request
    .vmsn, VMware.Snapshot
    .vmss, VMware.SuspendState
    .vmx, VMware.Document
    .vob, Divx_vob_file
    .vsd, VisioViewer.Viewer
    .vspscc, N/A
    .vss, VisioViewer.Viewer
    .vsscc, N/A
    .vssscc, N/A
    .vst, VisioViewer.Viewer
    .vsto, Bootstrap.vsto.1
    .vsx, VisioViewer.Viewer
    .vtx, VisioViewer.Viewer
    .vxd, Vxdfile
    .wab, Wab_auto_file
    .wav, WMP11.AssocFile.WAV
    .wax, WMP11.AssocFile.WAX
    .wbcat, Wbcatfile
    .wbk, Word.Backup.8
    .wcx, Wcxfile
    .wdp, Wdpfile
    .webm, FirefoxHTML
    .webpnp, WebpnpFile
    .website, Microsoft.Website
    .wid, N/A
    .wiz, Word.Wizard.8
    .wjf, WinZip.JobFile
    .wlg, WlgFile
    .wll, Word.Addin.8
    .wlmp, N/A
    .wlpginstall, WLPG Detection
    .wlpginstall3, WLPG Detection
    .wlt, N/A
    .wm, WMP11.AssocFile.ASF
    .wma, WMP11.AssocFile.WMA
    .wmd, WMP11.AssocFile.WMD
    .wmdb, WMP.WMDBFile
    .wmf, Wmffile
    .wmp, N/A
    .wms, WMP11.AssocFile.WMS
    .wmv, WMP11.AssocFile.WMV
    .wmx, WMP11.AssocFile.ASX
    .wmz, WMP11.AssocFile.WMZ
    .wpl, WMP11.AssocFile.WPL
    .wpost, WindowsLiveWriter.Post.1
    .wps, N/A
    .wpt, N/A
    .wri, N/A
    .wsc, Scriptletfile
    .wsf, WSFFile
    .wsh, WSHFile
    .wsz, N/A
    .wtf, N/A
    .wtv, MediaCenter.WTVFile
    .wtx, Txtfile
    .wvx, WMP11.AssocFile.WVX
    .wzconfig, WinZip.SetupConfig
    .wzmul, WinZip.RegFile
    .wztheme, WinZip.Theme
    .x, N/A
    .x3f, N/A
    .xaml, Windows.XamlDocument
    .xbap, Windows.Xbap
    .xdp, AcroExch.XDPDoc
    .xevgenxml, XEV.GenericApp
    .xfdf, AcroExch.XFDFDoc
    .xht, FirefoxHTML
    .xhtml, FirefoxHTML
    .xix, N/A
    .xla, Excel.Addin
    .xlam, Excel.AddInMacroEnabled
    .xlb, N/A
    .xlc, N/A
    .xld, Excel.Dialog
    .xlk, Excel.Backup
    .xll, Excel.XLL
    .xlm, Excel.Macrosheet
    .xls, Excel.Sheet.8
    .xlsb, Excel.SheetBinaryMacroEnabled.12
    .xlshtml, Excelhtmlfile
    .xlsm, Excel.SheetMacroEnabled.12
    .xlsmhtml, Excelmhtmlfile
    .xlsx, Excel.Sheet.12
    .xlt, Excel.Template.8
    .xlthtml, Excelhtmltemplate
    .xltm, Excel.TemplateMacroEnabled
    .xltx, Excel.Template
    .xlw, Excel.Workspace
    .xlxml, Excelxmlss
    .xml, Xmlfile
    .xps, Windows.XPSReachViewer
    .xrm-ms, MSSppLicenseFile
    .xsd, N/A
    .xsl, Xslfile
    .xslt, N/A
    .xvid, Divx_xvid_file
    .xvm, VMware.Console.Config
    .xx, N/A
    .xxe, WinZip
    .yfs, N/A
    .z, WinZip
    .z96, N/A
    .zfsendtotarget, Clsid\{888dca60-fc0a-11cf-8f0f-00c04fd7d062}
    .zip, WinZip
    .zipx, WinZip.ZIPX
    Shell Extensions:

    Code:
    Microsoft.PowerShellConsole.1, 0, C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    Microsoft.PowerShellScript.1, 0, C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
    CERFile, Add, %SystemRoot%\system32\Rundll32.exe
    CRLFile, Add, %SystemRoot%\system32\Rundll32.exe
    P7RFile, Add, %SystemRoot%\system32\Rundll32.exe
    PFXFile, Add, %SystemRoot%\system32\Rundll32.exe
    SPCFile, Add, %SystemRoot%\system32\Rundll32.exe
    STLFile, Add, %SystemRoot%\system32\Rundll32.exe
    odcfile, Analyze, C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
    mscfile, Author, %SystemRoot%\system32\Mmc.exe
    DVDMaker.DVD, Burn, %ProgramFiles%\DVD Maker\Dvdmaker.exe
    Windows.IsoFile, Burn, %SystemRoot%\System32\Isoburn.exe
    WMP.BurnCD, Burn, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    Directory, Cmd, cmd.exe /s /k pushd "%V"
    Directory, Cmd, Cmd.exe
    Drive, Cmd, Cmd.exe
    scrfile, Config, Unknown
    RDP.File, Connect, Mstsc.exe
    cplfile, Cplopen, %SystemRoot%\System32\Control.exe
    DesktopBackground, Display, Unknown
    .wjf, Edit, E:\Misc\winzip\Winzip64.exe
    batfile, Edit, %SystemRoot%\System32\Notepad.exe
    cmdfile, Edit, %SystemRoot%\System32\Notepad.exe
    Excel.Backup, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Macrosheet, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.OpenDocumentSpreadsheet.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.WebQuery, Edit, C:\PROGRA~2\MICROS~1\Office14\Excel.exe
    group_wab_auto_file, Edit, %ProgramFiles%\Windows Mail\Wab.exe
    htmlfile, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Msohtmed.exe
    JSEFile, Edit, C:\Windows\System32\Notepad.exe
    JSFile, Edit, C:\Windows\System32\Notepad.exe
    mhtmlfile, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Msohtmed.exe
    Microsoft.PowerShellData.1, Edit, C:\Windows\System32\WindowsPowerShell\v1.0\Powershell_ise.exe
    Microsoft.PowerShellModule.1, Edit, C:\Windows\System32\WindowsPowerShell\v1.0\Powershell_ise.exe
    Microsoft.PowerShellScript.1, Edit, C:\Windows\System32\WindowsPowerShell\v1.0\Powershell_ise.exe
    odcfile, Edit, C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
    OneNote.Folder.1, Edit, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Notebook.1, Edit, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Section.1, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    Paint.Picture, Edit, %systemroot%\system32\Mspaint.exe
    PBrush, Edit, %systemroot%\system32\Mspaint.exe
    PowerPoint.OpenDocumentPresentation.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShowMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.TemplateMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    RDP.File, Edit, Mstsc.exe
    regfile, Edit, %SystemRoot%\system32\Notepad.exe
    VBEFile, Edit, %SystemRoot%\System32\Notepad.exe
    VBSFile, Edit, %SystemRoot%\System32\Notepad.exe
    Windows.XamlDocument, Edit, %WinDir%\System32\Notepad.exe
    Windows.Xbap, Edit, %WinDir%\System32\Notepad.exe
    WindowsLiveMail.VCard.1, Edit, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WinZip.JobFile, Edit, E:\Misc\winzip\WINZIP64.EXE
    Word.Backup.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    wordxmlfile, Edit, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    WSFFile, Edit, %SystemRoot%\System32\Notepad.exe
    xmlfile, Edit, C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Msoxmled.exe
    dqyfile, Edit_Query_in_Notepad, Notepad.exe
    iqyfile, Edit_Query_in_Notepad, Notepad.exe
    oqyfile, Edit_Query_in_Notepad, Notepad.exe
    rqyfile, Edit_Query_in_Notepad, Notepad.exe
    odcfile, EditText, Notepad.exe
    MediaCenter.WTVFile, Enqueue, Unknown
    Stack.Audio, Enqueue, Unknown
    Stack.Image, Enqueue, Unknown
    Stack.Video, Enqueue, Unknown
    WMP.DVR-MSFile, Enqueue, Unknown
    WMP.WTVFile, Enqueue, Unknown
    WMP11.AssocFile.3G2, Enqueue, Unknown
    WMP11.AssocFile.3GP, Enqueue, Unknown
    WMP11.AssocFile.ADTS, Enqueue, Unknown
    WMP11.AssocFile.AIFF, Enqueue, Unknown
    WMP11.AssocFile.ASF, Enqueue, Unknown
    WMP11.AssocFile.ASX, Enqueue, Unknown
    WMP11.AssocFile.AU, Enqueue, Unknown
    WMP11.AssocFile.AVI, Enqueue, Unknown
    WMP11.AssocFile.M2TS, Enqueue, Unknown
    WMP11.AssocFile.M3U, Enqueue, Unknown
    WMP11.AssocFile.M4A, Enqueue, Unknown
    WMP11.AssocFile.MIDI, Enqueue, Unknown
    WMP11.AssocFile.MOV, Enqueue, Unknown
    WMP11.AssocFile.MP3, Enqueue, Unknown
    WMP11.AssocFile.MP4, Enqueue, Unknown
    WMP11.AssocFile.MPEG, Enqueue, Unknown
    WMP11.AssocFile.TTS, Enqueue, Unknown
    WMP11.AssocFile.WAV, Enqueue, Unknown
    WMP11.AssocFile.WAX, Enqueue, Unknown
    WMP11.AssocFile.wma, Enqueue, Unknown
    WMP11.AssocFile.WMV, Enqueue, Unknown
    WMP11.AssocFile.WPL, Enqueue, Unknown
    WMP11.AssocFile.WVX, Enqueue, Unknown
    Folder, Explore, Unknown
    Directory, Find, %SystemRoot%\Explorer.exe
    CABFolder, Find, %SystemRoot%\Explorer.exe
    CompressedFolder, Find, %SystemRoot%\Explorer.exe
    Directory, Find, %SystemRoot%\Explorer.exe
    Drive, Find, %SystemRoot%\Explorer.exe
    WindowsLiveMail.Email.1, Forward, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveMail.News.1, Forward, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    DesktopBackground, Gadgets, Unknown
    scriptletfile, Generate Typelib, C:\Windows\system32\Rundll32.exe
    inffile, Install, %SystemRoot%\System32\InfDefaultInstall.exe
    LpkSetup.1, Install, %systemroot%\system32\Lpksetup.exe
    scrfile, Install, Rundll32.exe
    Excel.Chart.8, New, Unknown
    Excel.Macrosheet, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.OpenDocumentSpreadsheet.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Workspace, New, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    OfficeTheme.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    OneNote.Section.1, New, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    Outlook.File.oft.14, New, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    PowerPoint.OpenDocumentPresentation.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, New, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Slide.8, New, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.SlideMacroEnabled.12, New, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.SlideShow.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShowMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.TemplateMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    Word.Backup.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Wizard.8, New, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Backup.8, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, OnenotePrintto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    .gadget, Open, Unknown
    .wjf, Open, E:\Misc\winzip\Winzip64.exe
    .wzmul, Open, E:\Misc\winzip\Winzip64.exe
    acrobat, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.acrobatsecuritysettings.1, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.Document, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.Document.7, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.FDFDoc, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.pdfxml.1, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.XDPDoc, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.XFDFDoc, Open, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    Application.Manifest, Open, Rundll32.exe
    Application.Reference, Open, Rundll32.exe
    batfile, Open, Unknown
    bootstrap.vsto.1, Open, rundll32.exe "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\Vstoee.dll
    CABFolder, Open, %SystemRoot%\Explorer.exe
    callto, Open, C:\Program Files (x86)\Skype\Phone\Skype.exe
    CATFile, Open, %SystemRoot%\system32\Rundll32.exe
    CERFile, Open, %SystemRoot%\system32\Rundll32.exe
    CertificateStoreFile, Open, %SystemRoot%\system32\Rundll32.exe
    certificate_wab_auto_file, Open, %ProgramFiles%\Windows Mail\Wab.exe
    cmdfile, Open, Unknown
    comfile, Open, Unknown
    CompressedFolder, Open, %SystemRoot%\Explorer.exe
    contact_wab_auto_file, Open, %ProgramFiles%\Windows Mail\Wab.exe
    CRLFile, Open, %SystemRoot%\system32\Rundll32.exe
    Diagnostic.Cabinet, Open, %SystemRoot%\system32\Msdt.exe
    Diagnostic.Config, Open, %SystemRoot%\system32\Msdt.exe
    Diagnostic.Document, Open, %SystemRoot%\system32\Msdt.exe
    Diagnostic.Perfmon.Config, Open, %SystemRoot%\system32\Perfmon
    Diagnostic.Perfmon.Document, Open, %SystemRoot%\system32\Perfmon
    Diagnostic.Resmon.Config, Open, %SystemRoot%\system32\Perfmon
    divx_asf_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_avi_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_divx_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_div_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_mkv_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_mov_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_mp4_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_mpeg_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_mpg_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_qt_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_tix_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_vob_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_wmv_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    divx_xvid_file, Open, E:\Misc\DivX\DivX Plus Player\DivX
    docxfile, Open, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    dqyfile, Open, C:\PROGRA~2\MICROS~1\Office14\Excel.exe
    dzmfile, Open, C:\Program Files (x86)\CyberLink\Shared files\EffectExtractor.exe
    dzpfile, Open, C:\Program Files (x86)\CyberLink\Shared files\EffectExtractor.exe
    dztfile, Open, C:\Program Files (x86)\CyberLink\Shared files\EffectExtractor.exe
    EHomeDropTarget.EHomeC2RDropTarget, Open, Unknown
    EHomeDropTarget.EHomeMCLDropTarget, Open, Unknown
    emffile, Open, %systemroot%\system32\Mspaint.exe
    evtfile, Open, %SystemRoot%\system32\eventvwr.exe /l:
    evtxfile, Open, %SystemRoot%\system32\eventvwr.exe /l:
    Excel.Addin, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.AddInMacroEnabled, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Backup, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Chart, Open, C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
    Excel.Chart.8, Open, Unknown
    Excel.CSV, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Macrosheet, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.OpenDocumentSpreadsheet.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SLK, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Workspace, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.XLL, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excelhtmlfile, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excelhtmltemplate, Open, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    exefile, Open, Unknown
    Explorer.AssocProtocol.search-ms, Open, %SystemRoot%\Explorer.exe
    FaxCover.Document, Open, Unknown
    feed, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    FirefoxHTML, Open, C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
    FirefoxURL, Open, C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
    Folder, Open, %SystemRoot%\Explorer.exe
    ftp, Open, C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
    giffile, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    group_wab_auto_file, Open, %ProgramFiles%\Windows Mail\Wab.exe
    hlpfile, Open, %SystemRoot%\Winhlp32.exe
    htafile, Open, C:\Windows\SysWOW64\Mshta.exe
    htmlfile, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    http, Open, C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
    https, Open, C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
    icofile, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    IE.AssocFile.HTM, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.MHT, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.PARTIAL, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.SVG, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.URL, Open, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.WEBSITE, Open, Unknown
    IE.AssocFile.XHT, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.FTP, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.HTTP, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.HTTPS, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    inffile, Open, %SystemRoot%\system32\Notepad.exe
    inifile, Open, %SystemRoot%\system32\Notepad.exe
    iqyfile, Open, C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
    jpegfile, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    JSEFile, Open, C:\Windows\System32\WScript.exe
    JSFile, Open, C:\Windows\System32\WScript.exe
    LDAP, Open, %ProgramFiles%\Windows Mail\Wab.exe
    MacromediaFlashPaper.MacromediaFlashPaper, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    mailto, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    MediaCenter.C2R, Open, Unknown
    MediaCenter.MCL, Open, Unknown
    MediaPackageFile, Open, C:\Program Files (x86)\Microsoft Office\Office14\Mstore.exe
    mhtmlfile, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    Microsoft.InformationCard, Open, C:\Windows\System32\rundll32.exe C:\Windows\System32\Infocardcpl.cpl
    Microsoft.LivePhotoAcqDropTarget.1, Open, Unknown
    Microsoft.LivePhotoAcqDTShim.1, Open, Unknown
    Microsoft.Photos.LiveAutoplayHandler.1, Open, Unknown
    Microsoft.Photos.LiveAutoplayShim.1, Open, Unknown
    Microsoft.PowerShellConsole.1, Open, C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
    Microsoft.PowerShellData.1, Open, C:\Windows\System32\Notepad.exe
    Microsoft.PowerShellModule.1, Open, C:\Windows\System32\Notepad.exe
    Microsoft.PowerShellScript.1, Open, C:\Windows\System32\Notepad.exe
    Microsoft.System.Update.1, Open, %systemroot%\system32\Wusa.exe
    Microsoft.Website, Open, Unknown
    Microsoft.WindowsCardSpaceBackup, Open, C:\Windows\System32\rundll32.exe C:\Windows\System32\Infocardcpl.cpl
    MicrosoftChessTitansSaveFile, Open, C:\Program Files\Microsoft Games\Chess\Chess.exe
    MicrosoftComfyCakesSaveFile, Open, C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
    MicrosoftFreeCellSaveFile, Open, C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
    MicrosoftHeartsSaveFile, Open, C:\Program Files\Microsoft Games\Hearts\Hearts.exe
    MicrosoftMahjongTitansSaveFile, Open, C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
    MicrosoftMinesweeperSaveFile, Open, C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe
    MicrosoftPurblePairsSaveFile, Open, C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
    MicrosoftPurbleShopSaveFile, Open, C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
    MicrosoftSolitaireSaveFile, Open, C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
    MicrosoftSpiderSolitaireSaveFile, Open, C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    migfile, Open, C:\Windows\System32\migwiz\Migwiz.exe
    MMS, Open, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    mscfile, Open, %SystemRoot%\system32\Mmc.exe
    MSDASC, Open, Rundll32.exe "%CommonProgramFiles%\System\OLE DB\Oledb32.dll
    Msi.Package, Open, %SystemRoot%\System32\Msiexec.exe
    Msi.Patch, Open, %SystemRoot%\System32\Msiexec.exe
    MSInfoFile, Open, %SystemRoot%\system32\Msinfo32.exe
    MSSppLicenseFile, Open, Iexplore.exe
    msstylesfile, Open, %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:
    odtfile, Open, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    OfficeTheme.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    oms, Open, rundll32.exe C:\PROGRA~2\MICROS~1\Office14\OMSMAIN.DLL
    OneNote, Open, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Folder.1, Open, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Notebook.1, Open, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Package, Open, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    OneNote.Section.1, Open, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    OneNote.TableOfContents, Open, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    OneNote.TableOfContents.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    opensearchdescription, Open, %SystemRoot%\Explorer.exe
    opensearchfilefolderresult, Open, Unknown
    opensearchresult, Open, Unknown
    Outlook.File.eml.14, Open, C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    Outlook.File.hol.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.ics.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.msg.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.oft.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.pst.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.vcf.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.vcs.14, Open, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.URL.feed.14, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    Outlook.URL.mailto.14, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    Outlook.URL.stssync.14, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    Outlook.URL.webcal.14, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    outlookfeed, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    outlookfeeds, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    P7RFile, Open, %SystemRoot%\system32\Rundll32.exe
    P7SFile, Open, %SystemRoot%\system32\\Rundll32.exe
    Paint.Picture, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    pbkfile, Open, %SystemRoot%\system32\Rasphone.exe
    PerfFile, Open, %SystemRoot%\system32\mmc.exe %systemroot%\system32\Perfmon.msc
    Photoshop.Image.13, Open, E:\Misc\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exe
    Photoshop.PlugIn, Open, E:\Misc\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exe
    php_auto_file, Open, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    piffile, Open, Unknown
    pjpegfile, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    pngfile, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    PowerPoint.Addin.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Addin.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.OpenDocumentPresentation.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.4, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.Show.7, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.Show.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.Slide.4, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.Slide.7, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.Slide.8, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.SlideMacroEnabled.12, Open, C:\PROGRA~2\MICROS~1\Office14\Powerpnt.exe
    PowerPoint.SlideShow.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShowMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.TemplateMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Wizard.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    powerpointhtmlfile, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    powerpointhtmltemplate, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    powerpointxmlfile, Open, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    prffile, Open, %SystemRoot%\System32\Rundll32.exe
    psd_auto_file, Open, E:\Misc\AdobePhotoshopCS6Portable\AdobePhotoshopCS6Portable\PhotoshopCS6Portable.exe
    QuickTime.3g2, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.3gp, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.3gp2, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.3gpp, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.aac, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.ac3, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.adts, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.aif, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.aifc, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.aiff, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.amc, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.AMR, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.au, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.avi, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.bmp, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.bwf, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.caf, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.cdda, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.cel, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.dib, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.dif, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.dv, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.flc, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.fli, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.gif, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.gsm, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.jp2, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.jpe, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.jpeg, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.jpg, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.kar, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m15, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m1a, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m1s, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m1v, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m3u, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m3url, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m4a, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m4b, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m4p, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m4v, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.m75, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mac, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.mid, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.midi, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mov, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mp2, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mp3, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mp4, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mpa, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mpeg, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mpg, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mpm, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mpv, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.mqv, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.pct, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.pic, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.pict, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.png, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.pnt, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.pntg, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.psd, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.qcp, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.qht, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.qhtm, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.qt, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.qti, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.qtif, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.qtl, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.rgb, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.rts, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.rtsp, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.sd2, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.sdp, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.sdv, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.sgi, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.smf, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.smi, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.smil, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.sml, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.snd, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.swa, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.targa, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.tga, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.tif, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.tiff, Open, E:\Misc\Programs\PictureViewer.exe
    QuickTime.ulw, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.vfw, Open, E:\Misc\Programs\QuickTimePlayer.exe
    QuickTime.wav, Open, E:\Misc\Programs\QuickTimePlayer.exe
    ratfile, Open, %SystemRoot%\System32\Rundll32.exe
    regedit, Open, Regedit.exe
    regfile, Open, Regedit.exe
    RemoteAssistance.1, Open, %systemRoot%\system32\Msra.exe
    rlefile, Open, %systemroot%\system32\Mspaint.exe
    rlogin, Open, C:\Windows\System32\Rundll32.exe
    rtffile, Open, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    SavedDsQuery, Open, %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\Dsquery.dll
    scrfile, Open, Unknown
    scriptletfile, Open, C:\Windows\system32\Notepad.exe
    search, Open, %SystemRoot%\Explorer.exe
    search-ms, Open, %SystemRoot%\Explorer.exe
    SHCmdFile, Open, %SystemRoot%\Explorer.exe
    skype, Open, C:\Program Files (x86)\Skype\Phone\Skype.exe
    skype.callto, Open, C:\PROGRA~2\Skype\Phone\Skype.exe
    Skype.Content, Open, C:\Program Files (x86)\Skype\Phone\Skype.exe
    slupkg, Open, C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Promo.exe
    SPCFile, Open, %SystemRoot%\system32\Rundll32.exe
    SpybotSD.DisabledFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\Blindman.exe
    SpybotSD.SBEFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    SpybotSD.SBIFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    SpybotSD.SBSFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    SpybotSD.TInfoFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    SpybotSD.UTIFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    SpybotSD.UTSFile, Open, C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    STLFile, Open, %SystemRoot%\system32\Rundll32.exe
    stssync, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    svgfile, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    telnet, Open, C:\Windows\System32\Rundll32.exe
    textfile, Open, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    themefile, Open, %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:
    themepackfile, Open, %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:
    TIFImage.Document, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    tn3270, Open, C:\Windows\System32\Rundll32.exe
    txtfile, Open, %SystemRoot%\system32\Notepad.exe
    VBEFile, Open, %SystemRoot%\System32\WScript.exe
    VBSFile, Open, %SystemRoot%\System32\WScript.exe
    vcard_wab_auto_file, Open, %ProgramFiles%\Windows Mail\Wab.exe
    VisioViewer.Viewer, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    VMware.Console.Config, Open, E:\School\VMware Player\Vmware.exe
    VMware.Document, Open, E:\School\VMware Player\Vmplayer.exe
    VMware.Hotfix, Open, E:\School\VMware Player\Vmplayer.exe
    VMware.OVAPackage, Open, E:\School\VMware Player\Vmplayer.exe
    VMware.OVFPackage, Open, E:\School\VMware Player\Vmplayer.exe
    wab_auto_file, Open, %ProgramFiles%\Windows Mail\Wab.exe
    wbcatfile, Open, %SystemRoot%\system32\Sdclt.exe
    wcxfile, Open, Rundll32.exe
    wdpfile, Open, %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll
    webcal, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    webcals, Open, C:\PROGRA~2\MICROS~1\Office14\Outlook.exe
    webpnpFile, Open, %SystemRoot%\system32\Wpnpinst.exe
    Windows.CompositeFont, Open, %WinDir%\System32\Notepad.exe
    Windows.DVD.Maker, Open, @%ProgramFiles%\DVD Maker\DVDMaker.exe
    Windows.gadget, Open, %ProgramFiles%\Windows Sidebar\Sidebar.exe
    Windows.XamlDocument, Open, C:\Windows\System32\PresentationHost.exe
    Windows.Xbap, Open, C:\Windows\System32\PresentationHost.exe
    Windows.XPSReachViewer, Open, %SystemRoot%\System32\Xpsrchvw.exe
    WindowsLive.MovieMaker.asset, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
    WindowsLive.MovieMaker.MSWMM, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
    WindowsLive.MovieMaker.WLMP, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
    WindowsLive.PhotoGallery.bmp.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.gif.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.ico.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.jpg.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.png.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.raw.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.tif.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.video.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.wdp.15.4, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLiveMail.Email.1, Open, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveMail.News.1, Open, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveMail.VCard.1, Open, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveWriter.BlogThis.1, Open, C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe
    WindowsLiveWriter.Post.1, Open, C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe
    WinZip, Open, E:\Misc\winzip\Winzip64.exe
    WinZip.JobFile, Open, E:\Misc\winzip\WINZIP64.EXE
    WinZip.RegFile, Open, E:\Misc\winzip\WinZip64.exe
    WinZip.SetupConfig, Open, E:\Misc\winzip\WINZIP64.EXE
    WinZip.Theme, Open, E:\Misc\winzip\WINZIP64.EXE
    WinZip.ZipX, Open, E:\Misc\winzip\Winzip64.exe
    wlgFile, Open, C:\PROGRA~2\WINDOW~2\ACCESS~1\Wordpad.exe
    WLMail.Url.Mailto, Open, C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /mailurl:
    WLMail.Url.news, Open, C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:
    WLMail.Url.nntp, Open, C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:
    WLMail.Url.snews, Open, C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:
    WLPG, Open, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXAlbumDownloadWizard.exe
    WLW, Open, C:\Program Files (x86)\Windows Live\Writer\\WindowsLiveWriter.exe
    wmffile, Open, %systemroot%\system32\Mspaint.exe
    WMP.DVR-MSFile, Open, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP.WTVFile, Open, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP11.AssocFile.3G2, Open, Play
    WMP11.AssocFile.3GP, Open, Play
    WMP11.AssocFile.ADTS, Open, Play
    WMP11.AssocFile.AIFF, Open, Play
    WMP11.AssocFile.ASF, Open, Play
    WMP11.AssocFile.ASX, Open, Play
    WMP11.AssocFile.AU, Open, Play
    WMP11.AssocFile.AVI, Open, Play
    WMP11.AssocFile.M2TS, Open, Play
    WMP11.AssocFile.M3U, Open, Play
    WMP11.AssocFile.M4A, Open, Play
    WMP11.AssocFile.MIDI, Open, Play
    WMP11.AssocFile.MOV, Open, Play
    WMP11.AssocFile.MP3, Open, Play
    WMP11.AssocFile.MP4, Open, Play
    WMP11.AssocFile.MPEG, Open, Play
    WMP11.AssocFile.TTS, Open, Play
    WMP11.AssocFile.WAV, Open, Play
    WMP11.AssocFile.WAX, Open, Play
    WMP11.AssocFile.wma, Open, Play
    WMP11.AssocFile.WMV, Open, Play
    WMP11.AssocFile.WPL, Open, Play
    WMP11.AssocFile.WVX, Open, Play
    WMP11.AssocProtocol.MMS, Open, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    Word.Backup.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    wordhtmlfile, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    wordhtmltemplate, Open, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Wordpad.Document.1, Open, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    WSFFile, Open, %SystemRoot%\System32\WScript.exe
    WSHFile, Open, %SystemRoot%\System32\WScript.exe
    XEV.FailSafeApp, Open, %SystemRoot%\system32\Notepad.exe
    XEV.GenericApp, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    XEV.OriginalApp, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    xhtmlfile, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    xmlfile, Open, C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Msoxmled.exe
    xslfile, Open, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    JSEFile, Open2, C:\Windows\System32\CScript.exe
    JSFile, Open2, C:\Windows\System32\CScript.exe
    VBEFile, Open2, %SystemRoot%\System32\CScript.exe
    VBSFile, Open2, %SystemRoot%\System32\CScript.exe
    WSFFile, Open2, %SystemRoot%\System32\CScript.exe
    WSHFile, Open2, %SystemRoot%\System32\CScript.exe
    Unknown, Openas, %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\Shell32.dll
    Excel.OpenDocumentSpreadsheet.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    OneNote.Folder.1, OpenAsReadOnly, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Notebook.1, OpenAsReadOnly, C:\PROGRA~2\MICROS~1\Office14\Onenote.exe
    OneNote.Section.1, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    PowerPoint.OpenDocumentPresentation.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, OpenAsReadOnly, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Slide.8, OpenAsReadOnly, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.SlideMacroEnabled.12, OpenAsReadOnly, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    Word.Document.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, OpenAsReadOnly, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    WindowsBackupFolderOptions, OpenDesktopIni, %SystemRoot%\system32\Sdclt.exe
    Unknown, Opendlg, %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\Shell32.dll
    htmlfile, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.HTM, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.MHT, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.SVG, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    IE.AssocFile.XHT, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    mhtmlfile, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    svgfile, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    xhtmlfile, Opennew, C:\Program Files (x86)\Internet Explorer\Iexplore.exe
    Folder, Opennewprocess, Unknown
    Folder, Opennewwindow, Unknown
    DesktopBackground, Personalize, Unknown
    AudioCD, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    DivXFile, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    DVD, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    EHomeDropTarget.EHomeDVRDropTarget, Play, Unknown
    EHomeDropTarget.EHomeMusicDropTarget, Play, Unknown
    EHomeDropTarget.EHomePhotosHandler, Play, Unknown
    EHomeDropTarget.EHomeVideoDropTarget, Play, Unknown
    EHomeDropTarget.EHomeVideosHandler, Play, Unknown
    MediaCenter.DVR, Play, C:\Windows\ehome\Ehshell.exe
    MediaCenter.DVR-MS, Play, C:\Windows\ehome\Ehshell.exe
    MediaCenter.WTVFile, Play, C:\Windows\ehome\Ehshell.exe
    MKVFile, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    Stack.Audio, Play, Unknown
    Stack.Image, Play, Unknown
    Stack.Video, Play, Unknown
    WMP.AudioCD, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP.DVD, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP.DVR-MSFile, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP.PlayCD, Play, Play
    WMP.PlayMedia, Play, Unknown
    WMP.VCD, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP.WTVFile, Play, %ProgramFiles(x86)%\Windows Media Player\Wmplayer.exe
    WMP11.AssocFile.3G2, Play, Play
    WMP11.AssocFile.3GP, Play, Play
    WMP11.AssocFile.ADTS, Play, Play
    WMP11.AssocFile.AIFF, Play, Play
    WMP11.AssocFile.ASF, Play, Play
    WMP11.AssocFile.ASX, Play, Play
    WMP11.AssocFile.AU, Play, Play
    WMP11.AssocFile.AVI, Play, Play
    WMP11.AssocFile.M2TS, Play, Play
    WMP11.AssocFile.M3U, Play, Play
    WMP11.AssocFile.M4A, Play, Play
    WMP11.AssocFile.MIDI, Play, Play
    WMP11.AssocFile.MOV, Play, Play
    WMP11.AssocFile.MP3, Play, Play
    WMP11.AssocFile.MP4, Play, Play
    WMP11.AssocFile.MPEG, Play, Play
    WMP11.AssocFile.TTS, Play, Play
    WMP11.AssocFile.WAV, Play, Play
    WMP11.AssocFile.WAX, Play, Play
    WMP11.AssocFile.wma, Play, Play
    WMP11.AssocFile.WMV, Play, Play
    WMP11.AssocFile.WPL, Play, Play
    WMP11.AssocFile.WVX, Play, Play
    Shell.CDBurn, Prepare, %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\Shell32.dll
    fonfile, Preview, %SystemRoot%\System32\Fontview.exe
    otffile, Preview, %SystemRoot%\System32\Fontview.exe
    pfmfile, Preview, %SystemRoot%\System32\Fontview.exe
    ttcfile, Preview, %SystemRoot%\System32\Fontview.exe
    ttffile, Preview, %SystemRoot%\System32\Fontview.exe
    WindowsLive.PhotoGallery.bmp.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.gif.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.ico.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.jpg.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.png.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.raw.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.tif.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.video.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    WindowsLive.PhotoGallery.wdp.15.4, Preview, C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    AcroExch.acrobatsecuritysettings.1, Print, Unknown
    AcroExch.Document.7, Print, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.FDFDoc, Print, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.pdfxml.1, Print, Unknown
    AcroExch.XDPDoc, Print, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.XFDFDoc, Print, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    batfile, Print, %SystemRoot%\System32\NOTEPAD.EXE
    cmdfile, Print, %SystemRoot%\System32\NOTEPAD.EXE
    contact_wab_auto_file, Print, %ProgramFiles%\Windows Mail\Wab.exe
    docxfile, Print, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    emffile, Print, %systemroot%\system32\Mspaint.exe
    Excel.Backup, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Chart, Print, C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE
    Excel.Chart.8, Print, Unknown
    Excel.CSV, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Macrosheet, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.OpenDocumentSpreadsheet.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, Print, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    FaxCover.Document, Print, Unknown
    fonfile, Print, %SystemRoot%\System32\Fontview.exe
    group_wab_auto_file, Print, %ProgramFiles%\Windows Mail\Wab.exe
    htmlfile, Print, C:\Program Files (x86)\Microsoft Office\Office14\Msohtmed.exe
    IE.AssocFile.HTM, Print, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.SVG, Print, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.URL, Print, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.XHT, Print, C:\Windows\System32\Rundll32.exe
    inffile, Print, %SystemRoot%\system32\NOTEPAD.EXE
    inifile, Print, %SystemRoot%\system32\NOTEPAD.EXE
    JSEFile, Print, C:\Windows\System32\Notepad.exe
    JSFile, Print, C:\Windows\System32\Notepad.exe
    mhtmlfile, Print, C:\Program Files (x86)\Microsoft Office\Office14\Msohtmed.exe
    odtfile, Print, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    OfficeTheme.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    OneNote.Section.1, Print, C:\Program Files (x86)\Microsoft Office\Office14\Onenote.exe
    opensearchresult, Print, rundll32.exe %windir%\system32\Mshtml.dll
    otffile, Print, %SystemRoot%\System32\Fontview.exe
    Outlook.File.msg.14, Print, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    Outlook.File.oft.14, Print, C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
    PBrush, Print, %systemroot%\system32\Mspaint.exe
    pfmfile, Print, %SystemRoot%\System32\Fontview.exe
    Photoshop.Image.13, Print, E:\Misc\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exe
    PowerPoint.OpenDocumentPresentation.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.4, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Show.7, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Show.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Slide.4, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Slide.7, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Slide.8, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.SlideMacroEnabled.12, Print, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.SlideShow.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShowMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.TemplateMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    regfile, Print, %SystemRoot%\system32\Notepad.exe
    rlefile, Print, %systemroot%\system32\Mspaint.exe
    rtffile, Print, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    svgfile, Print, rundll32.exe %windir%\system32\Mshtml.dll
    textfile, Print, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    ttcfile, Print, %SystemRoot%\System32\Fontview.exe
    ttffile, Print, %SystemRoot%\System32\Fontview.exe
    txtfile, Print, %SystemRoot%\system32\NOTEPAD.EXE
    VBEFile, Print, %SystemRoot%\System32\Notepad.exe
    VBSFile, Print, %SystemRoot%\System32\Notepad.exe
    wdpfile, Print, rundll32.exe %SystemRoot%\system32\Shimgvw.dll
    Windows.XPSReachViewer, Print, %SystemRoot%\System32\Xpsrchvw.exe
    WinZip, Print, E:\Misc\winzip\WINZIP64.EXE
    WinZip.ZipX, Print, E:\Misc\winzip\WINZIP64.EXE
    wmffile, Print, %systemroot%\system32\Mspaint.exe
    Word.Backup.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, Print, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Wordpad.Document.1, Print, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    WSFFile, Print, %SystemRoot%\System32\Notepad.exe
    xhtmlfile, Print, rundll32.exe %windir%\system32\Mshtml.dll
    AcroExch.acrobatsecuritysettings.1, Printto, Unknown
    AcroExch.Document.7, Printto, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.FDFDoc, Printto, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.pdfxml.1, Printto, Unknown
    AcroExch.XDPDoc, Printto, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.XFDFDoc, Printto, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    docxfile, Printto, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    emffile, Printto, %systemroot%\system32\Mspaint.exe
    Excel.OpenDocumentSpreadsheet.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    giffile, Printto, %SystemRoot%\System32\Rundll32.exe
    htmlfile, Printto, rundll32.exe %windir%\system32\Mshtml.dll
    IE.AssocFile.HTM, Printto, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.SVG, Printto, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.URL, Printto, C:\Windows\System32\Rundll32.exe
    IE.AssocFile.XHT, Printto, C:\Windows\System32\Rundll32.exe
    jpegfile, Printto, %SystemRoot%\System32\Rundll32.exe
    odtfile, Printto, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    Paint.Picture, Printto, %systemroot%\system32\Mspaint.exe
    PBrush, Printto, %systemroot%\system32\Mspaint.exe
    pjpegfile, Printto, %SystemRoot%\System32\Rundll32.exe
    pngfile, Printto, %SystemRoot%\System32\Rundll32.exe
    rlefile, Printto, %systemroot%\system32\Mspaint.exe
    rtffile, Printto, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    svgfile, Printto, rundll32.exe %windir%\system32\Mshtml.dll
    textfile, Printto, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    TIFImage.Document, Printto, %SystemRoot%\System32\Rundll32.exe
    txtfile, Printto, %SystemRoot%\system32\Notepad.exe
    wdpfile, Printto, rundll32.exe %SystemRoot%\system32\Shimgvw.dll
    wmffile, Printto, %systemroot%\system32\Mspaint.exe
    Word.Backup.8, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, Printto, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Wordpad.Document.1, Printto, %ProgramFiles%\Windows NT\Accessories\Wordpad.exe
    xhtmlfile, Printto, rundll32.exe %windir%\system32\Mshtml.dll
    AtWorkRendering, PrintTo, 0
    PowerPoint.Show.12, PrintTo, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.8, PrintTo, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, PrintTo, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    RDB.AutoPlayHandler, Properties, %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\Sysmain.dll
    AcroExch.acrobatsecuritysettings.1, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.Document.7, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.FDFDoc, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.pdfxml.1, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.XDPDoc, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    AcroExch.XFDFDoc, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    PDXFileType, Read, C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    scriptletfile, Register, C:\Windows\system32\Regsvr32.exe
    NetServer, Remotedesktop, Mstsc.exe
    All Files, Removeproperties, %SystemRoot%\Explorer.exe
    Msi.Package, Repair, %SystemRoot%\System32\Msiexec.exe
    WindowsLiveMail.Email.1, Reply, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveMail.News.1, Reply, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveMail.Email.1, Reply All, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    WindowsLiveMail.News.1, Reply All, C:\Program Files (x86)\Windows Live\Mail\Wlmail.exe
    batfile, Runas, %SystemRoot%\System32\Cmd.exe
    cmdfile, Runas, %SystemRoot%\System32\Cmd.exe
    cplfile, Runas, %SystemRoot%\System32\Rundll32.exe
    exefile, Runas, Unknown
    mscfile, RunAs, %SystemRoot%\system32\Mmc.exe
    batfile, Runasuser, Unknown
    cmdfile, Runasuser, Unknown
    exefile, Runasuser, Unknown
    mscfile, Runasuser, Unknown
    Msi.Package, Runasuser, Unknown
    OfficeTheme.12, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.OpenDocumentPresentation.12, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.12, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.8, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, Show, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Slide.8, Show, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.SlideMacroEnabled.12, Show, C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
    PowerPoint.Template.12, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.8, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.TemplateMacroEnabled.12, Show, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    Msi.Package, Uninstall, %SystemRoot%\System32\Msiexec.exe
    Drive, Unlock-bde, %SystemRoot%\System32\BdeUnlockWizard.exe
    scriptletfile, Unregister, C:\Windows\system32\Regsvr32.exe
    Excel.Backup, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Macrosheet, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.OpenDocumentSpreadsheet.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Sheet.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetBinaryMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.SheetMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.Template.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    Excel.TemplateMacroEnabled, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
    PowerPoint.OpenDocumentPresentation.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Show.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.ShowMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Slide.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShow.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.SlideShowMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.Template.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    PowerPoint.TemplateMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe
    Word.Backup.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Document.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.DocumentMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.OpenDocumentText.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.RTF.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.Template.8, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    Word.TemplateMacroEnabled.12, ViewProtected, C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe
    MediaCenter.WTVFile, Wtv2dvrms, Play
    Startup:
    Code:
    , , HKEY_LM\Run
    Adobe ARM, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe", HKEY_LM\Run
    APSDaemon, "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe", HKEY_LM\Run
    Bluetooth, N/A, Start Menu (Common User)
    Desktop, N/A, Start Menu
    Desktop, N/A, Start Menu (Common User)
    DivXUpdate, "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW, HKEY_LM\Run
    FLxHCIm64, "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe", HKEY_LM\Run
    HP CoolSense, C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey, HKEY_LM\Run
    HPConnectionManager, C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe, HKEY_LM\Run
    Hposd, C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe, HKEY_LM\Run
    NACAgentUI, C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe, HKEY_LM\Run
    QuickTime Task, "E:\Misc\Programs\QTTask.exe" -atboottime, HKEY_LM\Run
    Restart_sticky_notes, C:\Windows\System32\StikyNot.exe, HKEY_CU\Run
    
    COMBOFIX:
    Code:
    ComboFix 12-05-28.05 - Shawn 05/29/2012  10:08:49.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4041.2173 [GMT -6:00]
    Running from: c:\users\Shawn\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\dllhost
    c:\windows\SysWow64\dllhost\dllhost.exe
    c:\windows\SysWow64\settings.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-04-28 to 2012-05-29  )))))))))))))))))))))))))))))))
    .
    .
    2012-05-29 16:17 . 2012-05-29 16:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2012-05-20 21:13 . 2012-05-20 21:13    --------    d-----w-    c:\users\Shawn\AppData\Local\Google
    2012-05-20 20:57 . 2012-05-20 20:59    --------    d-----w-    c:\programdata\Premium
    2012-05-20 20:56 . 2012-05-20 21:14    --------    d-----w-    c:\programdata\InstallMate
    2012-05-16 07:08 . 2012-05-16 07:08    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
    2012-05-16 05:13 . 2012-05-16 05:13    --------    d-----w-    c:\users\Shawn\AppData\Roaming\Safer Networking
    2012-05-15 14:47 . 2012-05-15 14:47    --------    d-----w-    c:\users\Shawn\AppData\Roaming\Apple Computer
    2012-05-15 02:14 . 2012-05-15 02:14    --------    d-----w-    c:\program files\Microsoft Silverlight
    2012-05-15 02:14 . 2012-05-15 02:14    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
    2012-05-14 20:12 . 2012-05-14 20:12    --------    d-----w-    c:\program files (x86)\Common Files\Apple
    2012-05-14 20:12 . 2012-05-14 20:12    --------    d-----w-    c:\users\Shawn\AppData\Local\Apple
    2012-05-14 20:12 . 2012-05-14 20:12    --------    d-----w-    c:\programdata\Apple
    2012-05-14 20:12 . 2012-05-14 20:12    --------    d-----w-    c:\program files (x86)\Apple Software Update
    2012-05-10 18:55 . 2012-03-03 06:35    1544704    ----a-w-    c:\windows\system32\DWrite.dll
    2012-05-10 18:55 . 2012-03-03 05:31    1077248    ----a-w-    c:\windows\SysWow64\DWrite.dll
    2012-05-10 18:55 . 2012-03-31 06:05    5559664    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2012-05-10 18:55 . 2012-03-31 04:39    3968368    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-10 18:55 . 2012-03-31 04:39    3913072    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2012-05-10 18:55 . 2012-03-31 03:10    3146240    ----a-w-    c:\windows\system32\win32k.sys
    2012-05-10 18:55 . 2012-03-17 07:58    75120    ----a-w-    c:\windows\system32\drivers\partmgr.sys
    2012-05-10 18:54 . 2012-03-30 11:35    1918320    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2012-05-10 18:54 . 2012-03-31 05:40    1367552    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 18:54 . 2012-03-31 04:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 23:25 . 2012-05-26 20:53    --------    d-----w-    c:\users\Shawn\AppData\Local\VMware
    2012-05-09 23:25 . 2012-05-26 20:29    --------    d-----w-    c:\users\Shawn\AppData\Roaming\VMware
    2012-05-09 23:10 . 2012-05-01 03:05    63088    ----a-w-    c:\windows\system32\drivers\vmx86.sys
    2012-05-09 23:10 . 2012-05-01 03:04    354416    ----a-w-    c:\windows\SysWow64\vmnetdhcp.exe
    2012-05-09 23:09 . 2012-05-01 03:04    433264    ----a-w-    c:\windows\SysWow64\vmnat.exe
    2012-05-09 23:09 . 2012-05-01 03:03    30320    ----a-w-    c:\windows\system32\drivers\vmnetuserif.sys
    2012-05-09 23:09 . 2012-05-01 03:05    942192    ----a-w-    c:\windows\system32\vnetlib64.dll
    2012-05-09 23:09 . 2012-05-01 03:04    32880    ----a-w-    c:\windows\system32\drivers\VMkbd.sys
    2012-05-09 23:09 . 2011-08-30 05:11    39024    ----a-w-    c:\windows\system32\drivers\hcmon.sys
    2012-05-09 23:08 . 2012-05-29 14:48    --------    d-----w-    c:\programdata\VMware
    2012-05-09 23:08 . 2012-05-09 23:08    --------    d-----w-    c:\program files (x86)\Common Files\VMware
    2012-05-09 23:08 . 2012-05-09 23:08    --------    d-----w-    c:\program files\Common Files\VMware
    2012-05-09 05:11 . 2012-05-09 05:14    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
    2012-05-09 05:11 . 2012-05-09 05:12    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
    2012-05-08 04:06 . 2012-05-08 04:06    --------    d-----w-    c:\users\Shawn\AppData\Local\DDMSettings
    2012-05-08 04:04 . 2012-05-08 04:04    --------    d-----w-    c:\program files (x86)\DivX
    2012-05-08 04:04 . 2012-05-08 04:04    --------    d-----w-    c:\users\Shawn\AppData\Roaming\DivX
    2012-05-08 04:04 . 2012-05-08 04:04    --------    d-----w-    c:\program files (x86)\Common Files\PX Storage Engine
    2012-05-08 04:03 . 2012-05-08 04:04    --------    d-----w-    c:\program files\DivX
    2012-05-08 04:03 . 2012-05-08 04:04    --------    d-----w-    c:\program files (x86)\Common Files\DivX Shared
    2012-05-08 04:02 . 2012-05-08 04:05    --------    d-----w-    c:\programdata\DivX
    2012-05-07 14:43 . 2012-05-07 14:45    --------    d-----w-    c:\programdata\Cisco
    2012-05-07 14:43 . 2012-05-07 14:43    --------    d-----w-    c:\program files (x86)\Common Files\Cisco
    2012-05-07 14:43 . 2012-05-07 14:43    --------    d-----w-    c:\program files (x86)\Cisco
    2012-05-07 14:38 . 2012-05-07 14:43    --------    d-----w-    C:\uvu
    2012-05-06 02:50 . 2012-05-06 02:50    --------    d-----w-    c:\users\Shawn\AppData\Roaming\redsn0w
    2012-05-04 20:29 . 2012-05-04 21:25    --------    d-----w-    c:\users\Shawn\AppData\Roaming\TeamViewer
    2012-05-03 03:11 . 2012-05-03 03:12    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
    2012-05-03 03:11 . 2012-05-03 03:11    157352    ----a-w-    c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-03 03:11 . 2012-05-03 03:11    129976    ----a-w-    c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-01 00:26 . 2012-05-01 00:26    252016    ----a-w-    c:\windows\SysWow64\vmnc.dll
    2012-04-30 23:22 . 2012-04-30 23:22    62064    ----a-w-    c:\windows\system32\vmnetbridge.dll
    2012-04-30 23:22 . 2012-04-30 23:22    48752    ----a-w-    c:\windows\system32\vnetinst.dll
    2012-04-30 23:22 . 2012-04-30 23:22    45680    ----a-w-    c:\windows\system32\drivers\vmnetbridge.sys
    2012-04-30 23:22 . 2012-04-30 23:22    24176    ----a-w-    c:\windows\system32\drivers\vmnet.sys
    2012-04-30 23:22 . 2012-04-30 23:22    20080    ----a-w-    c:\windows\system32\drivers\vmnetadapter.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 18:09 . 2012-04-18 02:51    419488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 18:09 . 2011-11-09 23:56    70304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 18:08 . 2012-04-18 13:07    8744608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-18 12:56 . 2011-03-29 02:36    19352    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-03-16 12:07 . 2012-03-16 12:07    174200    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-03-16 11:55 . 2012-03-16 11:55    95544    ----a-w-    c:\windows\system32\bcmwlcoi.dll
    2012-03-16 11:55 . 2012-03-16 11:55    6656    ----a-w-    c:\windows\system32\bcmwlrc.dll
    2012-03-16 11:55 . 2012-03-16 11:55    3952640    ----a-w-    c:\windows\system32\bcmihvsrv64.dll
    2012-03-16 11:55 . 2012-03-16 11:55    3617792    ----a-w-    c:\windows\system32\bcmihvui64.dll
    2012-03-16 11:55 . 2012-03-16 11:55    4745792    ----a-w-    c:\windows\system32\drivers\BCMWL664.SYS
    2012-03-01 06:46 . 2012-04-18 15:14    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-18 15:14    220672    ----a-w-    c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-18 15:14    81408    ----a-w-    c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-18 15:14    5120    ----a-w-    c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-18 15:14    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-18 15:14    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-18 15:14    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-17 47616]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
    "NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-10-31 529848]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="e:\misc\Programs\QTTask.exe" [2011-10-24 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-29 227896]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-08-24 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-21 2425960]
    S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-10-31 1151928]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [x]
    S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-04-03 1160824]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-18 138360]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
    S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120528.001\IDSvia64.sys [2012-04-28 488568]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [x]
    S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [x]
    S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [x]
    S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 62131191
    *Deregistered* - 62131191
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 18:09]
    .
    2012-05-29 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-04-19 18:08]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-20 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-20 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-10-06 1424896]
    "Navigation Fix"="c:\windows\SysWow64\navigation\navfix.exe" [2012-04-09 210460]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\ttw2jm9x.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://forums.digitalpoint.com/|http://www.vbulletin.org/forum/index.php
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-WinZip Professional 16 - c:\program files (x86)\WinZip International LLC\WinZip Professional\Uninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-05-29  10:32:54
    ComboFix-quarantined-files.txt  2012-05-29 16:32
    .
    Pre-Run: 68,725,641,216 bytes free
    Post-Run: 68,375,552,000 bytes free
    .
    - - End Of File - - FCC8769493F270A598940D1D24D3FFA2
    
     