Buffelmaster

June 28, 2012

great, pop up seems to be gone

Thank you for all the help.

June 27, 2012

<p>Runned the scan, nothing found. Log says following:</p>

<div>ESETSmartInstaller@High as CAB hook log:</div>

<div>OnlineScanner64.ocx - registred OK</div>

<div>OnlineScanner.ocx - registred OK</div>

June 27, 2012

I have performed the steps you have mentioned. Following is the log file.

Sander

Logfile:

ComboFix 12-06-26.02 - Sander 27-06-2012 15:52:33.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.2046.801 [GMT 2:00]

Gestart vanuit: c:\users\Sander\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Sander\Desktop\CFScript.txt.txt

AV: AVG Anti-Virus plus Firewall *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Anti-Virus plus Firewall *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Sander\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll

c:\users\Sander\AppData\Roaming\Ewdoid

c:\users\Sander\AppData\Roaming\Ewdoid\ebut.tmp

c:\users\Sander\AppData\Roaming\Xidyki

c:\users\Sander\AppData\Roaming\Xidyki\utcyv.fio

c:\users\Sander\AppData\Roaming\Xidyki\utcyv.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))

.

2012-06-27 14:02 . 2012-06-27 14:02 -------- d-----w- c:\users\Mcx1-SANDER-PC\AppData\Local\temp

2012-06-24 11:24 . 2012-06-24 11:24 335872 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF012}\NewShortcut8.exe

2012-06-24 11:24 . 2012-06-24 11:24 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}\NewShortcut1.exe

2012-06-24 11:24 . 2012-06-24 11:24 335872 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF014}\NewShortcut2.exe

2012-06-24 11:23 . 2012-06-24 11:23 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}\ARPPRODUCTICON.exe

2012-06-24 11:23 . 2012-06-24 11:23 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}\ARPPRODUCTICON.exe

2012-06-24 11:23 . 2012-06-24 11:23 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF100}\ARPPRODUCTICON.exe

2012-06-24 11:22 . 2012-06-24 11:22 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{D2827848-7D2A-4547-9AD1-C965FB3E6344}\ARPPRODUCTICON.exe

2012-06-24 11:21 . 2012-06-24 11:21 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{9D306690-3173-42CD-94C6-9EF9318AF24B}\ARPPRODUCTICON.exe

2012-06-24 11:21 . 2012-06-24 11:21 86016 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}\ARPPRODUCTICON.exe

2012-06-24 10:06 . 2012-06-24 10:06 -------- d-----w- C:\sh4ldr

2012-06-24 10:06 . 2012-06-24 10:06 110080 ----a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe

2012-06-20 15:44 . 2012-06-26 15:28 -------- d-----w- c:\users\Sander\AppData\Local\Windows Live

2012-06-14 16:28 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 16:28 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 16:28 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-20 15:49 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-12 15:54 . 2012-03-30 11:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-12 15:54 . 2011-10-23 10:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-23 19:38 . 2012-05-23 19:38 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-05 17:49 . 2012-04-14 17:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 13:56 . 2012-05-18 20:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-09 18:18 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- c:\program files (x86)\navigram_register.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-02 21392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]

"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-28 2077536]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-12-15 75048]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-15 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-10-15 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-15 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 202776]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 94744]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-11 1038088]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 136176]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 203320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]

S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-03-05 56008]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-15 871408]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2009-10-23 29976]

S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-06-22 269904]

S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664]

S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-05 317520]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/25 21:07];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-12-15 11:28 146928]

S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]

S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2010-11-25 2331544]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 202776]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 94744]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:54]

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 14:35]

.

2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-22 14:35]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120121219-856620432-35687517-1001Core.job

- c:\users\Sander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-15 09:21]

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-120121219-856620432-35687517-1001UA.job

- c:\users\Sander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-15 09:21]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: Interfaces\{61EA10B9-483A-4718-A9BC-192C664F8994}: NameServer = 195.121.1.34,195.121.1.66

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\AVG\AVG9\avgam.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-27 16:16:20 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-27 14:16

ComboFix2.txt 2012-06-26 18:48

.

Pre-Run: 24.210.534.400 bytes free

Post-Run: 23.631.716.352 bytes free

.

- - End Of File - - 43B969C9B0EA3788212C984382447A38

June 26, 2012

Hi,

Hereby the log. Parts are in Dutch, if needed I can translate this.

How can I check if combofix is really uninstalled? I got an error during the process (that AVG was back on since I activated it again) so I tried again since I also didn't see the popup but that happened to be at the back somewhere. But since I did the process more then once I'm not sure the program is really gone/

Regards,

Sander

ComboFix 12-06-26.02 - Sander 26-06-2012 20:19:14.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.2046.1027 [GMT 2:00]

Gestart vanuit: c:\users\Sander\Desktop\ComboFix.exe

AV: AVG Anti-Virus plus Firewall *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Anti-Virus plus Firewall *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\668700870D.sys

c:\programdata\windows

c:\programdata\windows\ccdxmmde.dat

c:\programdata\windows\drss.dat

c:\programdata\Windows\msseedir.dll

c:\programdata\windows\xessmsxe.dat

c:\users\Sander\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll

c:\users\Sander\AppData\Roaming\Axve

c:\users\Sander\AppData\Roaming\Axve\umsoa.riu

c:\users\Sander\AppData\Roaming\Elyhe

c:\users\Sander\AppData\Roaming\Elyhe\eglai.apa

c:\users\Sander\AppData\Roaming\Fypya

c:\users\Sander\AppData\Roaming\Fypya\dyoke.zog

c:\users\Sander\Documents\~WRD0003.tmp

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\muzapp.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-26 to 2012-06-26 ))))))))))))))))))))))))))))))