Infection: "system-check.com" [Solved]


  • This topic is locked
133 replies to this topic

#106 ken545

Posted 05 January 2012 - 05:50 PM

Winlogon.exe and svchost.exe reside in the system32 folder; the dllcache is a backup folder for these files. This is where we are trying to expand them so that Combofix can go to that folder and replace the infected ones. On the other hand, explorer.exe needs to be extracted to the dllcache as well, but its home is C:\windows.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.
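
The layout described in post #106, as an added example (not part of the thread, and not how ComboFix itself works): a Python check that hashes each of the three files in its home folder and in dllcache and reports whether a backup copy exists and matches. The `HOMES` table, the function names and the sample tree are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Home directory of each file, relative to the Windows directory, as the post
# describes: winlogon.exe and svchost.exe live in system32, explorer.exe in
# the Windows directory itself. (Table name and layout are assumptions.)
HOMES = {
    "winlogon.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",
}
DLLCACHE = Path("system32") / "dllcache"


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, or None if it does not exist."""
    if not path.is_file():
        return None
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_with_dllcache(windir, homes=HOMES):
    """Compare each live system file with its dllcache backup.

    Returns {filename: status} where status is one of:
      "match"           live and backup copies are byte-identical
      "mismatch"        both exist but differ
      "missing-backup"  no copy in dllcache (nothing to restore from)
      "missing-live"    the live file itself is absent
    """
    windir = Path(windir)
    report = {}
    for name, home in homes.items():
        live = sha256_of(windir / home / name)
        backup = sha256_of(windir / DLLCACHE / name)
        if live is None:
            report[name] = "missing-live"
        elif backup is None:
            report[name] = "missing-backup"
        elif live == backup:
            report[name] = "match"
        else:
            report[name] = "mismatch"
    return report


def build_sample_tree(root):
    """Constructed sample layout (placeholder bytes, not real Windows binaries)."""
    root = Path(root)
    cache = root / DLLCACHE
    cache.mkdir(parents=True)
    # winlogon.exe: live copy differs from the backup
    (root / "system32" / "winlogon.exe").write_bytes(b"patched winlogon")
    (cache / "winlogon.exe").write_bytes(b"original winlogon")
    # svchost.exe: live copy present, backup never expanded into dllcache
    (root / "system32" / "svchost.exe").write_bytes(b"svchost")
    # explorer.exe: lives in the Windows directory, backup identical
    (root / "explorer.exe").write_bytes(b"explorer")
    (cache / "explorer.exe").write_bytes(b"explorer")
    return root


def demo():
    """Run the comparison over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        return compare_with_dllcache(build_sample_tree(tmp))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
```

A "match" only shows that the live file and its dllcache copy agree, not that either one is clean, so the copy expanded from the installation media remains the reference.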



#107 Dean N


Posted 05 January 2012 - 09:06 PM

The third one from post 104 (expand D:\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe) expanded; the others did not...

#108 oldman960


Posted 05 January 2012 - 09:40 PM

Hi Dan,

There was a mistake in post 104. Use these lines instead:

expand D:\I386\winlogon.ex_ c:\windows\system32\dllcache\winlogon.exe
expand D:\I386\svchost.ex_ c:\windows\system32\dllcache\svchost.exe


Report back then wait to see what Ken wants next.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#109 Dean N


Posted 05 January 2012 - 10:13 PM

Thanks Oldman, I got those two done as well.

#110 ken545


Posted 06 January 2012 - 05:50 AM

Hello Dean,

In general, how is your system running now?


c:\windows\ERDNT <--Delete this folder but leave it in the recycle bin for now


Then drag Combofix to the trash and download a fresh updated copy, run it and post the log please.

Link 1

 
 

#111 Dean N


Posted 06 January 2012 - 08:12 AM

Internet is still very unstable, i.e. locks up/freezes, navigation becomes disabled, and the machine will spontaneously shut down.

ERDNT is sitting in the bin.


ComboFix:

ComboFix 12-01-05.04 - Dean Nicholson 01/06/2012 8:11.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2493 [GMT -5:00]
Running from: E:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\aehuaaa.tmp
c:\documents and settings\All Users\Application Data\cdeuaaa.tmp
c:\documents and settings\All Users\Application Data\ddeuaaa.tmp
c:\documents and settings\All Users\Application Data\edeuaaa.tmp
c:\documents and settings\All Users\Application Data\fdeuaaa.tmp
c:\documents and settings\All Users\Application Data\gdeuaaa.tmp
c:\documents and settings\All Users\Application Data\wdhuaaa.tmp
c:\documents and settings\All Users\Application Data\xdhuaaa.tmp
c:\documents and settings\All Users\Application Data\ydhuaaa.tmp
c:\documents and settings\All Users\Application Data\zdhuaaa.tmp
c:\windows\system32\dllc.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{49958B21-B9D7-4D32-8066-483A17B38D14}\RP3\A0015986.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{49958B21-B9D7-4D32-8066-483A17B38D14}\RP3\A0015985.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{49958B21-B9D7-4D32-8066-483A17B38D14}\RP4\A0017159.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{49958B21-B9D7-4D32-8066-483A17B38D14}\RP3\A0015985.exe
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-05 14:42 . 2012-01-05 14:42 -------- d-----w- C:\_OTL
2012-01-04 02:16 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-01-04 02:16 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-02 22:55 . 2012-01-01 17:17 4702720 ----a-w- C:\aswMBR.exe
2012-01-01 03:06 . 2012-01-01 03:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-01 03:06 . 2012-01-01 03:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-01 00:31 . 2012-01-01 00:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-01 00:29 . 2012-01-01 00:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-12-30 19:28 . 2011-12-30 19:28 -------- d-----w- c:\program files\ESET
2011-12-30 12:21 . 2012-01-01 06:39 -------- d-----w- c:\windows\system32\LogFiles
2011-12-30 01:16 . 2011-12-30 01:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-21 00:36 . 2011-12-29 01:52 -------- d-----w- c:\documents and settings\Dean Nicholson\Application Data\Skype
2011-12-21 00:36 . 2011-12-29 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-12-18 21:32 . 2011-12-18 21:32 -------- d-----w- c:\documents and settings\Dean Nicholson\Application Data\Yahoo!
2011-12-18 21:29 . 2011-12-23 05:00 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 00:19 . 2011-07-01 01:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-07-01 02:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2010-08-30 18:15 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2010-08-30 18:15 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-08-30 18:15 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-08-30 18:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2010-08-30 18:15 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-08-30 18:15 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-08-30 18:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-08-30 18:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-08-30 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 12:31 . 2011-07-02 02:13 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-10-10 12:31 . 2011-07-02 02:13 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-04_03.04.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-06 04:42 . 2012-01-06 04:42 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E4DD813A-3820-11E1-84DE-00197E0B8494}.dat
+ 2012-01-06 04:14 . 2012-01-06 04:19 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DDFBFACA-381C-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 02:40 . 2012-01-06 02:42 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DCF8E0D2-380F-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 04:13 . 2012-01-06 04:13 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D6FFD71E-381C-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 04:20 . 2012-01-06 04:20 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D3634676-381D-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 04:42 . 2012-01-06 04:42 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D01B2798-3820-11E1-84DE-00197E0B8494}.dat
+ 2012-01-06 04:27 . 2012-01-06 04:28 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CFCDDCDC-381E-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:09 . 2012-01-06 03:09 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CC61BAD8-3813-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:01 . 2012-01-06 03:02 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C9DBE306-3812-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:09 . 2012-01-06 03:11 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C88B5D0D-3813-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 04:27 . 2012-01-06 04:27 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BE78E49A-381E-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 04:26 . 2012-01-06 04:27 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AB5301CA-381E-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:51 . 2012-01-06 03:51 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A8985462-3819-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:08 . 2012-01-06 03:11 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A6A43485-3813-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:29 . 2012-01-06 03:29 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A0CB573E-3816-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:22 . 2012-01-06 03:22 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9E3FDB3F-3815-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:28 . 2012-01-06 03:34 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8F7F9899-3816-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:28 . 2012-01-06 03:28 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8ABD30FE-3816-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 04:25 . 2012-01-06 04:26 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{826E0C10-381E-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:28 . 2012-01-06 03:28 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7D135837-3816-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 04:03 . 2012-01-06 04:03 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6DBFA85C-381B-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:27 . 2012-01-06 03:27 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{65EE39CE-3816-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:41 . 2012-01-06 03:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4514CE30-3818-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 04:09 . 2012-01-06 04:13 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{32AD4426-381C-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 02:43 . 2012-01-06 02:43 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2A4F4E84-3810-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 04:44 . 2012-01-06 04:44 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1F104824-3821-11E1-84DE-00197E0B8494}.dat
+ 2012-01-05 14:03 . 2012-01-05 14:03 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0D12A4D4-37A6-11E1-84D5-00197E0B8494}.dat
+ 2012-01-06 03:53 . 2012-01-06 03:57 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{01062C78-381A-11E1-84DD-00197E0B8494}.dat
+ 2010-08-30 18:15 . 2008-08-21 17:00 507904 c:\windows\system32\winlogon.exe
+ 2012-01-05 13:59 . 2012-01-06 04:41 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012010520120106\index.dat
+ 2010-08-30 18:30 . 2012-01-06 04:41 507904 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-08-30 18:30 . 2012-01-04 01:45 507904 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-06 04:29 . 2012-01-06 04:35 170496 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F495032E-381E-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 04:41 . 2012-01-06 04:44 127488 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1F7E5F8-3820-11E1-84DE-00197E0B8494}.dat
+ 2012-01-05 14:00 . 2012-01-05 14:07 140288 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9DA8A116-37A5-11E1-84D5-00197E0B8494}.dat
+ 2012-01-05 13:59 . 2012-01-05 14:05 285184 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7FDD9E70-37A5-11E1-84D5-00197E0B8494}.dat
+ 2012-01-06 04:25 . 2012-01-06 04:27 206848 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75A6F1BC-381E-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:13 . 2012-01-06 03:20 248832 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73BC5825-3814-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:55 . 2012-01-06 04:00 199168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5080D0B4-381A-11E1-84DD-00197E0B8494}.dat
+ 2012-01-06 03:18 . 2012-01-06 03:24 121856 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{269C7128-3815-11E1-84DC-00197E0B8494}.dat
+ 2012-01-06 03:25 . 2012-01-06 03:28 103424 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{23181AA6-3816-11E1-84DC-00197E0B8494}.dat
+ 2012-01-05 13:59 . 2012-01-06 04:41 114688 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-01-01 03:06 . 2012-01-04 01:45 1163264 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2012-01-01 03:06 . 2012-01-06 04:41 1163264 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
- 2012-01-01 03:06 . 2012-01-04 01:45 6356992 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-01 03:06 . 2012-01-06 04:41 6356992 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-30 18:15 . 2008-08-21 17:00 1033728 c:\windows\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe" [2011-07-03 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dplaysvr"="c:\documents and settings\Dean Nicholson\Application Data\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\documents and settings\Dean Nicholson\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\Dean Nicholson\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.20090505-1200\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [8/31/2010 12:26 PM 24304]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [9/1/2010 11:16 AM 13480]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [8/31/2010 12:26 PM 132456]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [10/10/2011 7:32 AM 196912]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/31/2010 12:26 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9/1/2010 11:16 AM 63928]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 2:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2011 7:28 PM 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [9/1/2010 11:16 AM 45496]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2011 7:28 PM 136176]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [11/18/2005 3:21 PM 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 2:42 PM 73600]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 00:28]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 00:28]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004Core.job
- c:\documents and settings\Dean Nicholson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:38]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004UA.job
- c:\documents and settings\Dean Nicholson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:38]
.
2012-01-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-08-31 05:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,50,6e,4d,4a,8d,41,45,b1,36,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,50,6e,4d,4a,8d,41,45,b1,36,70,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-06 09:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-06 14:03
ComboFix2.txt 2012-01-05 03:52
ComboFix3.txt 2012-01-04 22:08
ComboFix4.txt 2012-01-04 03:19
ComboFix5.txt 2012-01-06 13:06
.
Pre-Run: 81,322,438,656 bytes free
Post-Run: 81,327,796,224 bytes free
.
- - End Of File - - 16CFAEA96BA39D6D7C6311BC00F55DAC

Edited by Dean N, 06 January 2012 - 08:19 AM.


#112 ken545


Posted 06 January 2012 - 08:50 AM

Those files should have been replaced from the dllcache ^_^



System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:
  • Click Start > Run > copy and paste the following into the run box:

    %SystemRoot%\System32\restore\rstrui.exe

  • Press OK. Choose Create a Restore Point then click Next.
  • Name it (something you'll remember) and click Create.
  • When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points
  • Click Start > Run > copy and paste the following into the run box:

    cleanmgr

  • Choose to scan drive C:\ (if C:\ is your main drive).
  • At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
  • Click on the Yes button.
  • When finished, click on Cancel button to exit.




Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above FCopy::


FCopy::
c:\windows\system32\dllcache\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\system32\dllcache\svchost.exe | c:\windows\system32\svchost.exe 
c:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

 
 

#113 Dean N


Posted 06 January 2012 - 10:28 AM

ComboFix 12-01-05.04 - Dean Nicholson 01/06/2012 10:22:46.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2455 [GMT -5:00]
Running from: c:\documents and settings\Dean Nicholson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dean Nicholson\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-05 14:42 . 2012-01-05 14:42 -------- d-----w- C:\_OTL
2012-01-04 02:16 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-01-04 02:16 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-02 22:55 . 2012-01-01 17:17 4702720 ----a-w- C:\aswMBR.exe
2012-01-01 03:06 . 2012-01-01 03:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-01 03:06 . 2012-01-01 03:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-01 00:31 . 2012-01-01 00:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-01 00:29 . 2012-01-01 00:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-12-30 19:28 . 2011-12-30 19:28 -------- d-----w- c:\program files\ESET
2011-12-30 12:21 . 2012-01-01 06:39 -------- d-----w- c:\windows\system32\LogFiles
2011-12-30 01:16 . 2011-12-30 01:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-21 00:36 . 2011-12-29 01:52 -------- d-----w- c:\documents and settings\Dean Nicholson\Application Data\Skype
2011-12-21 00:36 . 2011-12-29 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-12-18 21:32 . 2011-12-18 21:32 -------- d-----w- c:\documents and settings\Dean Nicholson\Application Data\Yahoo!
2011-12-18 21:29 . 2011-12-23 05:00 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 00:19 . 2011-07-01 01:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-07-01 02:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2010-08-30 18:15 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2010-08-30 18:15 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-08-30 18:15 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-08-30 18:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2010-08-30 18:15 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-08-30 18:15 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-08-30 18:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-08-30 18:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-08-30 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 12:31 . 2011-07-02 02:13 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-10-10 12:31 . 2011-07-02 02:13 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe" [2011-07-03 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dplaysvr"="c:\documents and settings\Dean Nicholson\Application Data\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\documents and settings\Dean Nicholson\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\Dean Nicholson\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.20090505-1200\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [8/31/2010 12:26 PM 24304]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [9/1/2010 11:16 AM 13480]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [8/31/2010 12:26 PM 132456]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [10/10/2011 7:32 AM 196912]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/31/2010 12:26 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9/1/2010 11:16 AM 63928]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 2:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2011 7:28 PM 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [9/1/2010 11:16 AM 45496]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2011 7:28 PM 136176]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [11/18/2005 3:21 PM 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 2:42 PM 73600]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 00:28]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 00:28]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004Core.job
- c:\documents and settings\Dean Nicholson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:38]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004UA.job
- c:\documents and settings\Dean Nicholson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:38]
.
2012-01-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-08-31 05:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 10:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,50,6e,4d,4a,8d,41,45,b1,36,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,50,6e,4d,4a,8d,41,45,b1,36,70,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-06 11:04:58
ComboFix-quarantined-files.txt 2012-01-06 16:04
ComboFix2.txt 2012-01-06 14:04
ComboFix3.txt 2012-01-05 03:52
ComboFix4.txt 2012-01-04 22:08
ComboFix5.txt 2012-01-06 15:15
.
Pre-Run: 81,542,635,520 bytes free
Post-Run: 81,524,436,992 bytes free
.
- - End Of File - - ED482EC60239FEC1F6C474EF126389F9

#114 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 January 2012 - 10:42 AM

I don't see those files infected any longer. I also don't see them on the list of new files from the last 30 days, not sure on that. Do me a favor and run aswMBR and shoot me a new log. Take your time, I won't be back online for a few hours. Things any better since running the new Combofix script?

 
 

#115 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 06 January 2012 - 01:21 PM

The laptop fails to find a wired internet connection. I put the router cable back in my office machine, and the connection is found and works right away. Otherwise, from what I see it seems ok so far.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 19:00:31
-----------------------------
19:00:31.628 OS Version: Windows 5.1.2600 Service Pack 3
19:00:31.628 Number of processors: 2 586 0xF06
19:00:31.628 ComputerName: D2 UserName:
19:00:34.737 Initialze error 0 - driver not loaded
19:01:15.253 AVAST engine defs: 11122901
19:02:58.893 Service scanning
19:02:59.987 Modules scanning
19:02:59.987 Disk 0 trace - called modules:
19:02:59.987
19:03:00.831 AVAST engine scan C:\WINDOWS
19:03:02.831 AVAST engine scan C:\WINDOWS\system32
19:04:44.456 AVAST engine scan C:\WINDOWS\system32\drivers
19:04:52.393 AVAST engine scan C:\Documents and Settings\Dean Nicholson
19:07:21.862 AVAST engine scan C:\Documents and Settings\All Users
19:07:22.159 File: C:\Documents and Settings\All Users\Application Data\gCewtKdyITBp.exe **INFECTED** Win32:FakeAlert-BTP [Trj]
19:07:22.237 File: C:\Documents and Settings\All Users\Application Data\GZzviPbdBiShIt.exe **INFECTED** Win32:FakeAlert-BTP [Trj]
19:07:23.925 Scan finished successfully
19:31:16.675 The log file has been saved successfully to "C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.txt"

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 19:27:56
-----------------------------
19:27:56.984 OS Version: Windows 5.1.2600 Service Pack 3
19:27:56.984 Number of processors: 2 586 0xF06
19:27:56.984 ComputerName: D2 UserName:
19:27:57.671 Initialze error 0 - driver not loaded
19:31:06.718 AVAST engine defs: 11123001
19:34:32.125 Service scanning
19:34:33.156 Modules scanning
19:34:33.156 Disk 0 trace - called modules:
19:34:33.156
19:34:33.828 AVAST engine scan C:\WINDOWS
19:34:35.781 AVAST engine scan C:\WINDOWS\system32
19:35:38.515 AVAST engine scan C:\WINDOWS\system32\drivers
19:35:44.890 AVAST engine scan C:\Documents and Settings\Dean Nicholson
19:36:15.578 File: C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\pjq.exe **INFECTED** Win32:MalOb-GR [Cryp]
19:36:38.140 AVAST engine scan C:\Documents and Settings\All Users
19:36:39.890 Scan finished successfully
19:37:20.078 The log file has been saved successfully to "C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.txt"

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-01 12:27:05
-----------------------------
12:27:05.906 OS Version: Windows 5.1.2600 Service Pack 3
12:27:05.906 Number of processors: 2 586 0xF06
12:27:05.906 ComputerName: D2 UserName:
12:27:06.515 Initialze error 0 - driver not loaded
12:32:42.859 AVAST engine defs: 12010100
12:39:36.187 The log file has been saved successfully to "C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.txt"

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-06 13:29:46
-----------------------------
13:29:46.828 OS Version: Windows 5.1.2600 Service Pack 3
13:29:46.828 Number of processors: 2 586 0xF06
13:29:46.828 ComputerName: D2 UserName:
13:29:47.406 Initialze error 0 - driver not loaded
13:29:57.171 Service scanning
13:29:58.421 Modules scanning
13:29:58.421 Disk 0 trace - called modules:
13:29:58.421
13:29:58.421 Scan finished successfully
13:30:15.937 The log file has been saved successfully to "C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.txt"

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-06 13:29:46
-----------------------------
13:29:46.828 OS Version: Windows 5.1.2600 Service Pack 3
13:29:46.828 Number of processors: 2 586 0xF06
13:29:46.828 ComputerName: D2 UserName:
13:29:47.406 Initialze error 0 - driver not loaded
13:29:57.171 Service scanning
13:29:58.421 Modules scanning
13:29:58.421 Disk 0 trace - called modules:
13:29:58.421
13:29:58.421 Scan finished successfully
13:30:15.937 The log file has been saved successfully to "C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.txt"
13:30:36.328 The log file has been saved successfully to "C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.txt"



#116 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 January 2012 - 01:48 PM

aswMBR is not running properly, it's saying the driver is not loaded.

Let's do one more scan with ESET. If all looks OK, I will send you to our networking forum to help you get back online.

On a side note, I think you can appreciate now how nasty some of the recent threats are, and they're getting worse. I am sure you don't want to go through this again, so when we're done you need to sit down, relax, pop a brew and rethink your surfing habits.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

 
 

#117 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 06 January 2012 - 01:58 PM

I can't access the internet currently on the infected machine, so I'll have to wait a couple hours till I get home and have a wireless connection. The weird thing is, I was researching hiking boots, of all things, and trying to access a footwear company website when this whole thing went down. Honest! :angry: (I can hear it now, "yea, right, that's what they all say...")

Edited by Dean N, 06 January 2012 - 01:59 PM.


#118 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 January 2012 - 02:09 PM

No Dean, it happens to the best of us. I am not understanding your internet connection, you can access the internet wirelessly on the computer we're working on?

 
 

#119 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 06 January 2012 - 02:14 PM

My home connection is wireless. I suppose I could run into the basement and plug it into the router (never did that though). At the office, we have a wired-only connection. I could probably activate the wireless portion of the router, but I had such bad connectivity issues in the past with it, I made my IT guy hardwire the whole thing. So, while working on this infection at the office, I've been doing the office desktop <---> thumb drive <---> laptop thing. Hopefully that makes sense.

#120 Dean N

Dean N

    Authentic Member

  • Authentic Member
  • PipPip
  • 152 posts

Posted 06 January 2012 - 10:11 PM

Internet seems to be stable, but ESET found a bunch of items:

C:\Documents and Settings\All Users\Documents\19792079 a variant of Win32/Kryptik.YNE trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\ewsvtVHncw.exe.vir a variant of Win32/Kryptik.YKP trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\gfhYdHclcK.exe.vir a variant of Win32/Injector.MAS trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Igkq6wYuojMmGl.exe.vir a variant of Win32/Kryptik.YKP trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\yTzdO8xepWwmID.exe.vir a variant of Win32/Injector.MAS trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dean Nicholson\Application Data\dplaysvr.exe.vir a variant of Win32/Kryptik.YHM trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dean Nicholson\Application Data\dplayx.dll.vir.vir a variant of Win32/Kryptik.YHM trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dean Nicholson\Local Settings\Application Data\lby.exe.vir a variant of Win32/Kryptik.YGY trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dean Nicholson\Local Settings\Application Data\reu.exe.vir a variant of Win32/Kryptik.YKJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Dean Nicholson\Local Settings\Application Data\tsf.exe.vir a variant of Win32/Kryptik.YGP trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\7272e1c7366f4418.exe.vir a variant of Win32/Kryptik.YMV trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\atm.exe.vir a variant of Win32/Kryptik.YJZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\_7272e1c7366f4418_.exe.zip a variant of Win32/Kryptik.YMV trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.GY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\e59bfa443ffcd009.sys.vir probably a variant of Win32/AutoRun.Spy.Banker.M worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_e59bfa443ffcd009_.sys.zip probably a variant of Win32/AutoRun.Spy.Banker.M worm
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-5b6b9cfc a variant of Java/Agent.DZ trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\56\4c0158b8-54da9494 a variant of Win32/Kryptik.YKL trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8MNJXDU7\crystmassoft5_net[1].htm a variant of Win32/Kryptik.YJZ trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EO55N683\crystmassoft5_net[1].htm a variant of Win32/Kryptik.YJB trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FAHNMT0G\crystmassoft5_net[2].htm a variant of Win32/Kryptik.YMV trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FAHNMT0G\crystmassoft5_net[3].htm a variant of Win32/Kryptik.YNE trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JW7M7FJZ\crystmassoft4_net[1].htm a variant of Win32/Kryptik.YGY trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XO9PDHMK\crystmassoft4_net[2].htm a variant of Win32/Kryptik.YNE trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XO9PDHMK\crystmassoft4_net[4].htm a variant of Win32/Kryptik.YHM trojan
