I'm looking for an expert who would be so kind to look through my ComboFix log.

Post by jayswaysoffthehook on 1st January 2010, 8:00 pm

Just about 2 days ago I caught the "BankerFox" virus, which frustrated the heck out of me, but I managed to get it under control with ComboFix & SuperAntiSpyware, next to my usual security programs like McAfee, RegCure, CCleaner & Windows Defender. Well, I hope it's gone; that's why I would clearly appreciate it if anyone could take a final peek at my log and help me understand what the situation is. So here it is, and a million thank-yous to you:


ComboFix 09-12-30.02 - Administrator 31/12/2009 6:46.1.1 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\recycler\S-1-5-21-1757981266-583907252-725345543-500
c:\users\Administrator\AppData\Local\bylfnu
c:\users\Administrator\AppData\Local\bylfnu\igqasysguard.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 15:25 . 2009-12-31 15:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-12-31 15:25 . 2009-12-31 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-31 12:57 . 2009-12-31 12:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 08:54 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-12-31 08:54 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-31 08:52 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-31 08:52 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-27 23:05 . 2009-12-27 23:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\FedEx
2009-12-27 23:05 . 2009-12-27 23:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
2009-12-27 23:04 . 2009-12-31 04:47 -------- d-----w- c:\program files\FedEx
2009-12-20 06:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-20 05:58 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-20 05:58 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-20 05:58 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-20 05:48 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-12-20 05:48 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-12-20 05:48 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-20 05:46 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-20 05:46 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 18:47 . 2009-12-10 18:47 -------- d-----w- c:\windows\Sun
2009-12-08 03:36 . 2009-12-08 03:36 -------- d-----w- c:\programdata\HP Product Assistant
2009-12-08 03:31 . 2009-12-08 03:37 77354 ----a-w- c:\windows\hpqins05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 14:09 . 2009-09-28 08:23 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2009-12-31 11:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-30 02:08 . 2009-09-28 08:24 82056 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-21 08:17 . 2009-10-17 08:59 -------- d-----w- c:\program files\Google
2009-12-19 20:10 . 2009-09-29 19:58 -------- d-----w- c:\program files\McAfee
2009-12-19 11:55 . 2009-09-29 19:48 -------- d-----w- c:\programdata\McAfee
2009-12-15 03:26 . 2009-10-12 09:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\HpUpdate
2009-12-08 03:37 . 2009-10-05 03:53 -------- d-----w- c:\programdata\HP
2009-12-08 03:34 . 2009-11-22 09:37 -------- d-----w- c:\program files\Java
2009-12-04 23:36 . 2009-09-28 20:49 604856 ----a-w- c:\windows\system32\perfh005.dat
2009-12-04 23:36 . 2009-09-28 20:49 119152 ----a-w- c:\windows\system32\perfc005.dat
2009-11-27 09:10 . 2009-11-22 09:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\LimeWire
2009-11-27 08:53 . 2009-11-20 00:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2009-11-23 07:58 . 2009-11-23 07:58 -------- d-----w- c:\program files\softendo.com
2009-11-22 11:24 . 2009-09-30 04:36 -------- d-----w- c:\program files\PhotoshopCS4Portable
2009-11-22 10:47 . 2009-11-22 09:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Auslogics
2009-11-22 09:46 . 2009-11-22 09:46 -------- d-----w- c:\program files\Auslogics
2009-11-22 09:38 . 2009-11-22 09:36 -------- d-----w- c:\program files\LimeWire
2009-11-22 01:45 . 2009-11-22 01:45 -------- d-----w- c:\programdata\LightScribe
2009-11-21 06:40 . 2009-12-20 05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-20 05:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-20 05:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-20 05:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 00:16 . 2009-11-20 00:14 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 00:16 . 2009-11-20 00:14 -------- d-----w- c:\program files\iTunes
2009-11-20 00:15 . 2009-11-20 00:15 -------- d-----w- c:\program files\iPod
2009-11-20 00:15 . 2009-11-19 23:58 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 00:14 . 2009-11-20 00:07 -------- d-----w- c:\programdata\Apple Computer
2009-11-20 00:09 . 2009-11-20 00:09 -------- d-----w- c:\program files\Bonjour
2009-11-20 00:08 . 2009-11-20 00:07 -------- d-----w- c:\program files\QuickTime
2009-11-20 00:05 . 2009-11-20 00:05 -------- d-----w- c:\program files\Apple Software Update
2009-11-19 23:58 . 2009-11-19 23:58 -------- d-----w- c:\programdata\Apple
2009-11-18 23:37 . 2009-10-30 21:05 680 ----a-w- c:\users\Guest\AppData\Local\d3d9caps.dat
2009-11-15 15:29 . 2009-10-01 14:40 -------- d-----w- c:\programdata\NOS
2009-11-15 15:28 . 2009-11-15 15:28 -------- d-----w- c:\program files\NOS
2009-11-03 04:42 . 2009-10-02 23:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 17:52 . 2009-10-12 09:33 116840 ----a-w- c:\windows\hpqins00.dat
2009-10-21 00:07 . 2009-10-20 07:31 178388 ----a-w- c:\windows\hpwins20.dat
2009-10-11 12:17 . 2009-11-22 09:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-10-26 14:40 . 2008-10-26 13:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-26 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-10-29 14:54 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-10-26 14:18 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-604083099-196837364-2748249966-500]
"EnableNotificationsRef"=dword:00000001

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [19/12/2009 03:55 93320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/10/2009 01:00 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 00:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 17:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 08:59]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 08:59]

2009-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2009-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2009-12-31 c:\windows\Tasks\RegCure Program Check.job
- c:\windows.old\Program Files\RegCure\RegCure.exe [2007-10-16 08:20]

2009-12-31 c:\windows\Tasks\RegCure.job
- c:\windows.old\Program Files\RegCure\RegCure.exe [2007-10-16 08:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\czczou03.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Mario Forever Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\czczou03.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\czczou03.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fmgxgmho - c:\users\Administrator\AppData\Local\bylfnu\igqasysguard.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-31 07:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ab,73,25,91,ea,0f,46,9d,9f,7f,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ab,73,25,91,ea,0f,46,9d,9f,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ab,73,25,91,ea,0f,46,9d,9f,7f,\

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoSnap.exe"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoSnap.exe"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordicon.exe"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-604083099-196837364-2748249966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
Completion time: 2009-12-31 07:59:21
ComboFix-quarantined-files.txt 2009-12-31 15:59

Pre-Run: 28,965,888,000 bytes free
Post-Run: 28,953,296,896 bytes free

- - End Of File - - CD37800DBAAC1B966E5F76C2C105D09C

Re: I'm looking for an expert who would be so kind to look through my ComboFix log.

Post by Belahzur on 1st January 2010, 8:21 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?
