2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.997.181 [GMT 3:00]
Running from: c:\documents and settings\sdgftr\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\20263e3142373b5d5b46355d413b5f_c
c:\documents and settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\All Users\Application Data\cONttINueToosavveo
c:\documents and settings\All Users\Application Data\cONttINueToosavveo\519f05df144ee.dll
c:\documents and settings\All Users\Application Data\cONttINueToosavveo\519f05df144ee.tlb
c:\documents and settings\All Users\Application Data\cONttINueToosavveo\data\cONttINueToosavveo.dat
c:\documents and settings\All Users\Application Data\cONttINueToosavveo\settings.ini
c:\documents and settings\All Users\Application Data\cONttINueToosavveo\uninstall.exe
c:\documents and settings\All Users\Start Menu\Programs\cONttINueToosavveo
c:\documents and settings\All Users\Start Menu\Programs\cONttINueToosavveo\cONttINueToosavveo.lnk
c:\documents and settings\All Users\Start Menu\Programs\cONttINueToosavveo\Uninstall.lnk
c:\documents and settings\sdgftr\Application Data\DefaultTab\DefaultTab
c:\documents and settings\sdgftr\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\program files\BasicServe
c:\program files\BasicServe\basicserve.dll
c:\program files\BasicServe\basicserve.exe
c:\program files\BasicServe\BasicServe_deleted_\basicserve.dll
c:\program files\BasicServe\BasicServe_deleted_\basicserve.exe
c:\program files\BasicServe\uninstall.exe
c:\program files\DefaultTab
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\DefaultTabSearch.exe
c:\program files\DefaultTab\uid
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_BasicServe_Service
-------\Legacy_BasicServe_Service
-------\Service_BasicServe Service
-------\Service_BasicServe Service
.
.
((((((((((((((((((((((((( Files Created from 2013-06-19 to 2013-07-19 )))))))))))))))))))))))))))))))
.
.
2013-07-19 19:10 . 2013-07-19 19:10
-------d-----w c:\documents and settings\All Users\Application Data\AVAST Software
2013-07-19 18:48 . 2013-07-19 18:50
-------d-----w c:\documents and settings\All Users\Application Data\BasicServe
2013-07-19 18:47 . 2013-07-19 18:47
-------d-----w c:\program files\SimilarSites
2013-07-19 18:47 . 2013-07-19 18:47
-------d-----w c:\documents and settings\sdgftr\Application Data\SimilarSites
2013-07-19 18:47 . 2013-07-19 18:47
-------d-----w c:\documents and settings\sdgftr\Application Data\WebCake
2013-07-19 18:47 . 2013-07-19 18:47
-------d-----w c:\program files\WebCake
2013-07-18 20:13 . 2013-07-18 20:13
-------d-----w C:\MSI
2013-07-15 19:02 . 2013-07-15 19:02
-------d-----w C:\Output
2013-07-15 19:02 . 2013-07-15 19:02
-------d-----w C:\PDFPasswordRemover
2013-07-09 02:27 . 2013-07-13 02:00
-------d-----w c:\program files\PokerStars.EU
2013-07-05 19:00 . 2013-07-05 19:00
-------d--h--w c:\windows\PIF
2013-07-03 03:47 . 2013-07-03 03:54
-------d-----w c:\documents and settings\sdgftr\Application Data\TeamViewer
2013-06-27 22:59 . 2013-06-27 22:59
-------d-----w c:\program files\ExpressPCB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 08:05 . 2008-03-10 11:12
71048 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 08:05 . 2008-03-10 11:12
692104 ----a-w c:\windows\system32\FlashPlayerApp.exe
2013-06-13 08:05 . 2013-06-12 06:05
9089416 ----a-w c:\windows\system32\FlashPlayerInstaller.exe
2013-05-23 10:43 . 2013-05-23 10:43
73728 ----a-r c:\documents and settings\sdgftr\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-05-23 10:43 . 2013-05-23 10:43
73728 ----a-r c:\documents and settings\sdgftr\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-05-23 10:43 . 2013-05-23 10:43
53248 ----a-r c:\documents and settings\sdgftr\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-05-23 10:43 . 2013-05-23 10:43
49152 ----a-r c:\documents and settings\sdgftr\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2013-05-23 10:43 . 2013-05-23 10:43
49152 ----a-r c:\documents and settings\sdgftr\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2013-05-22 10:26 . 2013-05-22 10:26
33824 ----a-w c:\windows\system32\drivers\oreans32.sys
.
.
------- Sigcheck ------Note: Unsigned files aren't necessarily malware.
.
2010-03-16 00:58
718208 ----a-w c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 10:10
1516632 ----a-w c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-11 06:51
137752 ----a-wc:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX
PnP]
2007-05-08 07:28
1015808 ----a-w c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00
132496 ----a-w c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLAN CARD WLAN Monitor]
2003-12-26 10:26
630784 ----a-w c:\program files\WLAN CARD\WlanMon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Nokia\\Phoenix\\phoenix.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Fuse\\FuseService.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"d:\\gabi\\Documents\\utorrent.exe"=
"c:\\Documents and Settings\\sdgftr\\Application Data\\uTorrent\\uTorrent.exe"=
.
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/22/2013 1:26 PM 33824]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [3/10/2008 2:06 PM 2521880]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [7/19/2013 9:47 PM 23552]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/10/2008 2:07 PM 547744]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [5/14/2013 4:56 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [5/14/2013 4:56 PM 8576]
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'explorer.exe'(520)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes -----------------------.
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\windows\system32\crypserv.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-07-19 22:20:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-19 19:20
.
Pre-Run: 46.876.160.000 bytes free
Post-Run: 47.465.299.968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]