WiredWX Christian Hobby Weather Tools
I'm looking for an expert who would be so kind to look through my ComboFixLog.

Just about 2 days ago I caught the "BankerFox" Virus. It frustrated the heck out of me, but I managed to get it under control with ComboFix & SuperAntiSpyware, next to my usual Security Programs like McAfee, RegCure, CCleaner & Windows Defender. Well, I hope it's gone; that's why I would clearly appreciate for anyone to take a final peek @ my Log and help me understand what the Situation is. So here it is, and a million thank you 2 u:


ComboFix 09-12-30.02 - Administrator 31/12/2009 6:46.1.1 - x86
Running from: c:\\users\\Administrator\\Desktop\\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\$recycle.bin\\S-1-5-21-51003140-4199384537-3980697693-500
c:\\recycler\\S-1-5-21-1757981266-583907252-725345543-500
c:\\users\\Administrator\\AppData\\Local\\bylfnu
c:\\users\\Administrator\\AppData\\Local\\bylfnu\\igqasysguard.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 15:25 . 2009-12-31 15:25 -------- d-----w- c:\\users\\Guest\\AppData\\Local\\temp
2009-12-31 15:25 . 2009-12-31 15:25 -------- d-----w- c:\\users\\Default\\AppData\\Local\\temp
2009-12-31 12:57 . 2009-12-31 12:57 -------- d-----w- c:\\program files\\Common Files\\Wise Installation Wizard
2009-12-31 08:54 . 2009-08-31 13:55 428544 ----a-w- c:\\windows\\system32\\EncDec.dll
2009-12-31 08:54 . 2009-08-31 13:55 293376 ----a-w- c:\\windows\\system32\\psisdecd.dll
2009-12-31 08:52 . 2009-09-10 15:21 310784 ----a-w- c:\\windows\\system32\\unregmp2.exe
2009-12-31 08:52 . 2009-09-10 15:21 8147456 ----a-w- c:\\windows\\system32\\wmploc.DLL
2009-12-27 23:05 . 2009-12-27 23:07 -------- d-----w- c:\\users\\Administrator\\AppData\\Roaming\\FedEx
2009-12-27 23:05 . 2009-12-27 23:05 -------- d-----w- c:\\users\\Administrator\\AppData\\Roaming\\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
2009-12-27 23:04 . 2009-12-31 04:47 -------- d-----w- c:\\program files\\FedEx
2009-12-20 06:01 . 2009-10-29 09:41 2048 ----a-w- c:\\windows\\system32\\tzres.dll
2009-12-20 05:58 . 2009-11-09 13:22 24064 ----a-w- c:\\windows\\system32\\nshhttp.dll
2009-12-20 05:58 . 2009-11-09 13:20 31232 ----a-w- c:\\windows\\system32\\httpapi.dll
2009-12-20 05:58 . 2009-11-09 11:04 411136 ----a-w- c:\\windows\\system32\\drivers\\http.sys
2009-12-20 05:48 . 2009-08-10 11:01 1399296 ----a-w- c:\\windows\\system32\\msxml6.dll
2009-12-20 05:48 . 2009-08-10 11:00 1257472 ----a-w- c:\\windows\\system32\\msxml3.dll
2009-12-20 05:48 . 2009-08-24 12:16 378368 ----a-w- c:\\windows\\system32\\winhttp.dll
2009-12-20 05:46 . 2009-10-07 12:41 244224 ----a-w- c:\\windows\\system32\\rastls.dll
2009-12-20 05:46 . 2009-10-07 12:41 281600 ----a-w- c:\\windows\\system32\\raschap.dll
2009-12-10 18:47 . 2009-12-10 18:47 -------- d-----w- c:\\windows\\Sun
2009-12-08 03:36 . 2009-12-08 03:36 -------- d-----w- c:\\programdata\\HP Product Assistant
2009-12-08 03:31 . 2009-12-08 03:37 77354 ----a-w- c:\\windows\\hpqins05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 14:09 . 2009-09-28 08:23 680 ----a-w- c:\\users\\Administrator\\AppData\\Local\\d3d9caps.dat
2009-12-31 11:07 . 2006-11-02 11:18 -------- d-----w- c:\\program files\\Windows Mail
2009-12-30 02:08 . 2009-09-28 08:24 82056 ----a-w- c:\\users\\Administrator\\AppData\\Local\\GDIPFONTCACHEV1.DAT
2009-12-21 08:17 . 2009-10-17 08:59 -------- d-----w- c:\\program files\\Google
2009-12-19 20:10 . 2009-09-29 19:58 -------- d-----w- c:\\program files\\McAfee
2009-12-19 11:55 . 2009-09-29 19:48 -------- d-----w- c:\\programdata\\McAfee
2009-12-15 03:26 . 2009-10-12 09:29 -------- d-----w- c:\\users\\Administrator\\AppData\\Roaming\\HpUpdate
2009-12-08 03:37 . 2009-10-05 03:53 -------- d-----w- c:\\programdata\\HP
2009-12-08 03:34 . 2009-11-22 09:37 -------- d-----w- c:\\program files\\Java
2009-12-04 23:36 . 2009-09-28 20:49 604856 ----a-w- c:\\windows\\system32\\perfh005.dat
2009-12-04 23:36 . 2009-09-28 20:49 119152 ----a-w- c:\\windows\\system32\\perfc005.dat
2009-11-27 09:10 . 2009-11-22 09:40 -------- d-----w- c:\\users\\Administrator\\AppData\\Roaming\\LimeWire
2009-11-27 08:53 . 2009-11-20 00:16 -------- d-----w- c:\\users\\Administrator\\AppData\\Roaming\\Apple Computer
2009-11-23 07:58 . 2009-11-23 07:58 -------- d-----w- c:\\program files\\softendo.com
2009-11-22 11:24 . 2009-09-30 04:36 -------- d-----w- c:\\program files\\PhotoshopCS4Portable
2009-11-22 10:47 . 2009-11-22 09:53 -------- d-----w- c:\\users\\Administrator\\AppData\\Roaming\\Auslogics
2009-11-22 09:46 . 2009-11-22 09:46 -------- d-----w- c:\\program files\\Auslogics
2009-11-22 09:38 . 2009-11-22 09:36 -------- d-----w- c:\\program files\\LimeWire
2009-11-22 01:45 . 2009-11-22 01:45 -------- d-----w- c:\\programdata\\LightScribe
2009-11-21 06:40 . 2009-12-20 05:49 916480 ----a-w- c:\\windows\\system32\\wininet.dll
2009-11-21 06:34 . 2009-12-20 05:49 71680 ----a-w- c:\\windows\\system32\\iesetup.dll
2009-11-21 06:34 . 2009-12-20 05:49 109056 ----a-w- c:\\windows\\system32\\iesysprep.dll
2009-11-21 04:59 . 2009-12-20 05:49 133632 ----a-w- c:\\windows\\system32\\ieUnatt.exe
2009-11-20 00:16 . 2009-11-20 00:14 -------- d-----w- c:\\programdata\\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 00:16 . 2009-11-20 00:14 -------- d-----w- c:\\program files\\iTunes
2009-11-20 00:15 . 2009-11-20 00:15 -------- d-----w- c:\\program files\\iPod
2009-11-20 00:15 . 2009-11-19 23:58 -------- d-----w- c:\\program files\\Common Files\\Apple
2009-11-20 00:14 . 2009-11-20 00:07 -------- d-----w- c:\\programdata\\Apple Computer
2009-11-20 00:09 . 2009-11-20 00:09 -------- d-----w- c:\\program files\\Bonjour
2009-11-20 00:08 . 2009-11-20 00:07 -------- d-----w- c:\\program files\\QuickTime
2009-11-20 00:05 . 2009-11-20 00:05 -------- d-----w- c:\\program files\\Apple Software Update
2009-11-19 23:58 . 2009-11-19 23:58 -------- d-----w- c:\\programdata\\Apple
2009-11-18 23:37 . 2009-10-30 21:05 680 ----a-w- c:\\users\\Guest\\AppData\\Local\\d3d9caps.dat
2009-11-15 15:29 . 2009-10-01 14:40 -------- d-----w- c:\\programdata\\NOS
2009-11-15 15:28 . 2009-11-15 15:28 -------- d-----w- c:\\program files\\NOS
2009-11-03 04:42 . 2009-10-02 23:27 195456 ------w- c:\\windows\\system32\\MpSigStub.exe
2009-10-26 17:52 . 2009-10-12 09:33 116840 ----a-w- c:\\windows\\hpqins00.dat
2009-10-21 00:07 . 2009-10-20 07:31 178388 ----a-w- c:\\windows\\hpwins20.dat
2009-10-11 12:17 . 2009-11-22 09:38 411368 ----a-w- c:\\windows\\system32\\deploytk.dll
2008-10-26 14:40 . 2008-10-26 13:53 8192 --sha-w- c:\\windows\\Users\\Default\\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"LightScribe Control Panel"="c:\\program files\\Common Files\\LightScribe\\LightScribeControlPanel.exe" [2007-10-18 455968]
"ehTray.exe"="c:\\windows\\ehome\\ehTray.exe" [2008-10-26 125952]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"GrooveMonitor"="c:\\program files\\Microsoft Office\\Office12\\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\\program files\\HP\\HP Software Update\\HPWuSchd2.exe" [2007-10-15 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\MCODS]
@=""

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\mcagent_exe]
2009-10-29 14:54 1218008 ----a-w- c:\\program files\\McAfee.com\\Agent\\mcagent.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Sidebar]
2008-10-26 14:18 1233920 ----a-w- c:\\program files\\Windows Sidebar\\sidebar.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc\\S-1-5-21-604083099-196837364-2748249966-500]
"EnableNotificationsRef"=dword:00000001

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\\progra~1\\mcafee\\SITEAD~1\\mcsacore.exe [19/12/2009 03:55 93320]
S2 gupdate;Google Update Service (gupdate);c:\\program files\\Google\\Update\\GoogleUpdate.exe [17/10/2009 01:00 133104]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\\program files\\Common Files\\LightScribe\\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 00:23 38400 ----a-w- c:\\windows\\System32\\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 17:50 30720 ----a-w- c:\\windows\\System32\\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\\windows\\Tasks\\GoogleUpdateTaskMachineCore.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2009-10-17 08:59]

2009-12-31 c:\\windows\\Tasks\\GoogleUpdateTaskMachineUA.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2009-10-17 08:59]

2009-12-15 c:\\windows\\Tasks\\McDefragTask.job
- c:\\progra~1\\mcafee\\mqc\\QcConsol.exe [2009-10-21 19:22]

2009-12-01 c:\\windows\\Tasks\\McQcTask.job
- c:\\progra~1\\mcafee\\mqc\\QcConsol.exe [2009-10-21 19:22]

2009-12-31 c:\\windows\\Tasks\\RegCure Program Check.job
- c:\\windows.old\\Program Files\\RegCure\\RegCure.exe [2007-10-16 08:20]

2009-12-31 c:\\windows\\Tasks\\RegCure.job
- c:\\windows.old\\Program Files\\RegCure\\RegCure.exe [2007-10-16 08:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
FF - ProfilePath - c:\\users\\Administrator\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\czczou03.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mario Forever Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\\program files\\McAfee\\SiteAdvisor\\components\\McFFPlg.dll
FF - component: c:\\program files\\Mozilla Firefox\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\components\\NPComponent.dll
FF - component: c:\\users\\Administrator\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\czczou03.default\\extensions\\{707db484-2428-402d-afb5-d85b387544c7}\\components\\FFExternalAlert.dll
FF - plugin: c:\\program files\\Google\\Google Earth\\plugin\\npgeplugin.dll
FF - plugin: c:\\program files\\Google\\Update\\1.2.183.13\\npGoogleOneClick8.dll
FF - plugin: c:\\users\\Administrator\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\czczou03.default\\extensions\\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\\plugins\\np_gp.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\\windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\DotNetAssistantExtension\\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fmgxgmho - c:\\users\\Administrator\\AppData\\Local\\bylfnu\\igqasysguard.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\\program files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe
AddRemove-Adobe Acrobat 5.0 - c:\\program files\\Common Files\\Adobe\\Acrobat 5.0\\NT\\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 07:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Internet Explorer\\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ab,73,25,91,ea,0f,46,9d,9f,7f,\\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ab,73,25,91,ea,0f,46,9d,9f,7f,\\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ab,73,25,91,ea,0f,46,9d,9f,7f,\\

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.aif\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.aifc\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.aiff\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.asf\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.asx\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.au\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.avi\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.cda\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.docx\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\\\WINWORD.EXE"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.m1v\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.M2V\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.m3u\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mid\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.midi\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.MOD\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mp2\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mp2v\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mp3\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mpa\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mpe\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mpeg\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mpg\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mpv2\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pbm\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\\\PhotoSnap.exe"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.psd\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\\\PhotoSnap.exe"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.rmi\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.shtml\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.snd\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\\\wordicon.exe"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wav\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wax\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wm\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wma\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmd\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wms\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmv\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmx\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmz\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wpl\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wvx\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xht\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\\S-1-5-21-604083099-196837364-2748249966-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xhtml\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
Completion time: 2009-12-31 07:59:21
ComboFix-quarantined-files.txt 2009-12-31 15:59

Pre-Run: 28,965,888,000 bytes free
Post-Run: 28,953,296,896 bytes free

- - End Of File - - CD37800DBAAC1B966E5F76C2C105D09C

Re: I'm looking for an expert who would be so kind to look through my ComboFixLog.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.