Infected with Bootkit Whistler

I ran Combofix last night and found that I was infected with Bootkit Whistler. I have the log I received, so I will post that. Any help I can receive about how to delete this will be greatly appreciated! Thanks!

ComboFix 10-10-01.07 - Jaco 10/03/2010 23:18:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1484 [GMT -5:00]
Running from: c:\documents and settings\Jaco\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-03 10:56 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-03 10:56 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-03 08:06 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-03 08:06 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-03 08:06 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-03 08:06 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-03 08:06 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-03 08:06 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-03 08:06 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-03 08:04 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-03 08:04 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-03 08:04 . 2010-10-03 08:04 -------- d-----w- c:\program files\Alwil Software
2010-10-03 08:04 . 2010-10-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-02 04:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 04:24 . 2010-10-02 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 21:32 . 2010-10-01 21:32 0 ----a-w- c:\documents and settings\Jaco\settings.dat
2010-10-01 03:20 . 2010-10-01 03:20 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\HP
2010-10-01 03:19 . 2010-10-01 03:19 -------- d-----w- c:\program files\Common Files\HP
2010-10-01 03:19 . 2010-10-01 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-10-01 03:18 . 2010-10-01 03:19 19548 ----a-w- c:\windows\hpqins13.dat
2010-10-01 03:16 . 2010-10-01 03:17 -------- d-----w- c:\documents and settings\Jaco\Application Data\Image Zone Express
2010-10-01 03:09 . 2003-03-10 02:30 237568 ----a-w- c:\windows\system32\HPZc3212.dll
2010-10-01 02:13 . 2010-10-01 02:13 -------- d-----w- c:\documents and settings\Jaco\Application Data\AVG10
2010-10-01 01:30 . 2010-10-01 01:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-30 06:50 . 2010-10-01 01:44 -------- d-----w- c:\program files\Common Files\Adobe AIR(2)
2010-09-29 08:17 . 2010-09-29 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-09-29 08:17 . 2010-10-03 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-09-29 08:17 . 2010-09-30 17:08 -------- d-----w- c:\windows\system32\drivers\AVG(2)
2010-09-29 08:16 . 2010-09-29 08:16 -------- d-----w- c:\program files\AVG
2010-09-29 08:05 . 2010-09-29 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-09-27 23:41 . 2010-09-27 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Mender
2010-09-27 01:36 . 2010-09-27 01:36 -------- d-----w- c:\program files\BitTorrent
2010-09-27 01:34 . 2010-10-01 01:44 -------- d-----w- c:\documents and settings\Jaco\Application Data\BitTorrent
2010-09-26 04:22 . 2010-09-26 04:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-26 03:22 . 2010-09-26 03:22 -------- d-----w- c:\documents and settings\Jaco\Application Data\Tific
2010-09-26 03:22 . 2010-09-26 03:22 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\Symantec
2010-09-23 04:42 . 2010-09-23 04:42 -------- d-----w- c:\program files\Windows Sidebar
2010-09-20 06:21 . 2010-09-20 06:21 503808 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\msvcp71.dll
2010-09-20 06:21 . 2010-09-20 06:21 499712 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\jmc.dll
2010-09-20 06:21 . 2010-09-20 06:21 348160 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\msvcr71.dll
2010-09-20 06:21 . 2010-09-20 06:21 61440 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6424b9dc-n\decora-sse.dll
2010-09-20 06:21 . 2010-09-20 06:21 12800 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6424b9dc-n\decora-d3d.dll
2010-09-20 06:21 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-20 06:07 . 2010-09-20 19:20 -------- d-----w- c:\documents and settings\Jaco\Application Data\DVD Flick
2010-09-20 06:07 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-09-20 06:07 . 2010-09-20 06:07 -------- d-----w- c:\program files\DVD Flick
2010-09-20 06:01 . 2010-09-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\Jaco\Application Data\Ashampoo
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\ashampoo
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-09-13 21:27 . 2010-09-13 21:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 06:58 . 2010-09-08 07:10 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\WMTools Downloaded Files
2010-09-04 07:29 . 2010-09-04 07:29 310208 ----a-w- c:\documents and settings\Jaco\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 10:25 . 2010-04-19 17:41 -------- d-----w- c:\program files\Google
2010-10-03 10:25 . 2007-03-14 03:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-03 05:18 . 2007-06-23 12:23 -------- d-----w- c:\program files\Trend Micro
2010-10-01 08:59 . 2007-03-16 20:52 -------- d-----w- c:\program files\Java
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN129.tmp
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN128.tmp
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN127.tmp
2010-10-01 01:39 . 2007-03-14 20:51 82480 ----a-w- c:\documents and settings\Jaco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 08:17 . 2010-07-18 05:31 -------- d-----w- c:\documents and settings\Jaco\Application Data\Skype
2010-09-29 08:00 . 2010-07-18 05:32 -------- d-----w- c:\documents and settings\Jaco\Application Data\skypePM
2010-09-27 01:45 . 2007-03-16 00:36 -------- d-----w- c:\documents and settings\Jaco\Application Data\Azureus
2010-09-20 06:41 . 2009-02-27 03:22 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-20 06:19 . 2009-02-27 03:23 -------- d-----w- c:\program files\NCH Software
2010-09-17 05:14 . 2010-07-18 05:30 -------- d-----r- c:\program files\Skype
2010-09-16 05:51 . 2010-07-09 02:57 5049 ----a-w- c:\windows\Otijadikujikapa.dat
2010-09-04 07:31 . 2010-04-21 15:58 4177856 ----a-w- c:\documents and settings\Jaco\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
2010-09-04 07:30 . 2010-08-21 00:15 -------- d-----w- c:\program files\iTunes
2010-09-04 07:28 . 2009-01-12 21:03 -------- d-----w- c:\program files\Vuze
2010-08-27 16:24 . 2010-08-27 16:24 63572 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-23 03:29 . 2010-08-23 03:29 55 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F3053EF74652448F98A5C45703106076\install.bat
2010-08-23 03:29 . 2010-08-23 03:29 323584 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F3053EF74652448F98A5C45703106076\lib\swt-win32-3232.dll
2010-08-21 00:22 . 2007-04-23 20:40 -------- d-----w- c:\documents and settings\Jaco\Application Data\Apple Computer
2010-08-21 00:16 . 2010-08-21 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 00:15 . 2010-08-21 00:15 -------- d-----w- c:\program files\iPod
2010-08-21 00:14 . 2009-03-16 17:11 -------- d-----w- c:\program files\QuickTime
2010-08-21 00:14 . 2007-04-03 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-21 00:13 . 2010-08-21 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-08-21 00:09 . 2009-01-07 05:15 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 21:30 . 2010-07-21 21:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 05:32 . 2010-07-18 05:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-11 05:43 . 2010-07-09 02:57 0 ----a-w- c:\windows\Wfatifopaniya.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-10-03_05.46.48 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 17:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 16:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
2007-08-29 21:16 1662976 ----a-w- c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
2006-11-28 21:52 53248 ----a-w- c:\program files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 05:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 09:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-09-21 09:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 08:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"CCALib8"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"YahooAUService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57441:TCP"= 57441:TCP:Pando Media Booster
"57441:UDP"= 57441:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6895:TCP"= 6895:TCP:League of Legends Launcher
"6895:UDP"= 6895:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/7/2007 11:59 AM 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2010 3:06 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2010 3:06 AM 17744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/10/2008 9:48 PM 57376]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 12:41 PM 136176]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [12/10/2008 9:48 PM 547744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [12/10/2008 9:48 PM 352338]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [11/19/2007 9:23 AM 32000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2007 6:22 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2008-12-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4206817551.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004Core.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004UA.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jaco\Application Data\Mozilla\Firefox\Profiles\ol583pcy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 23:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-03 23:26:13
ComboFix-quarantined-files.txt 2010-10-04 04:26
ComboFix2.txt 2010-10-03 05:52

Pre-Run: 263,489,691,648 bytes free
Post-Run: 263,451,127,808 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 00655C73BC3D4058FC67C8F93C498DD0

Re: Infected with Bootkit Whistler

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    File::
    c:\windows\Wfatifopaniya.bin
    c:\windows\Otijadikujikapa.dat

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Infected with Bootkit Whistler

Hi Belahzur, the log was too big so I had to break it into a few parts. Hope that's okay! I just didn't want to leave anything important out. But, I did as you instructed and this is the log I received:
ComboFix 10-10-01.07 - Jaco 10/04/2010 18:45:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1551 [GMT -5:00]
Running from: c:\documents and settings\Jaco\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Jaco\My Documents\Downloads\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Otijadikujikapa.dat"
"c:\windows\Wfatifopaniya.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Otijadikujikapa.dat
c:\windows\Wfatifopaniya.bin

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 10:22 . 2010-10-04 10:22 -------- d-----w- C:\bfb638c1d2551597af4e54e7882456e9
2010-10-04 06:39 . 2010-10-04 06:39 -------- d-----w- c:\program files\ESET
2010-10-04 05:16 . 2010-10-04 06:50 -------- d-----w- c:\program files\7-Zip
2010-10-03 11:50 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-03 10:56 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-03 10:56 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-03 08:06 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-03 08:06 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-03 08:06 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-03 08:06 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-03 08:06 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-03 08:06 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-03 08:06 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-03 08:04 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-03 08:04 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-03 08:04 . 2010-10-03 08:04 -------- d-----w- c:\program files\Alwil Software
2010-10-03 08:04 . 2010-10-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-02 04:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 04:24 . 2010-10-02 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 21:32 . 2010-10-01 21:32 0 ----a-w- c:\documents and settings\Jaco\settings.dat
2010-10-01 03:20 . 2010-10-01 03:20 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\HP
2010-10-01 03:19 . 2010-10-01 03:19 -------- d-----w- c:\program files\Common Files\HP
2010-10-01 03:19 . 2010-10-01 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-10-01 03:18 . 2010-10-01 03:19 19548 ----a-w- c:\windows\hpqins13.dat
2010-10-01 03:16 . 2010-10-01 03:17 -------- d-----w- c:\documents and settings\Jaco\Application Data\Image Zone Express
2010-10-01 03:09 . 2003-03-10 02:30 237568 ----a-w- c:\windows\system32\HPZc3212.dll
2010-10-01 02:13 . 2010-10-01 02:13 -------- d-----w- c:\documents and settings\Jaco\Application Data\AVG10
2010-10-01 01:30 . 2010-10-01 01:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-30 06:50 . 2010-10-01 01:44 -------- d-----w- c:\program files\Common Files\Adobe AIR(2)
2010-09-29 08:17 . 2010-09-29 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-09-29 08:17 . 2010-10-03 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-09-29 08:17 . 2010-09-30 17:08 -------- d-----w- c:\windows\system32\drivers\AVG(2)
2010-09-29 08:16 . 2010-09-29 08:16 -------- d-----w- c:\program files\AVG
2010-09-29 08:05 . 2010-09-29 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-09-27 23:41 . 2010-09-27 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Mender
2010-09-27 01:36 . 2010-09-27 01:36 -------- d-----w- c:\program files\BitTorrent
2010-09-27 01:34 . 2010-10-01 01:44 -------- d-----w- c:\documents and settings\Jaco\Application Data\BitTorrent
2010-09-26 04:22 . 2010-09-26 04:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-26 03:22 . 2010-09-26 03:22 -------- d-----w- c:\documents and settings\Jaco\Application Data\Tific
2010-09-26 03:22 . 2010-09-26 03:22 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\Symantec
2010-09-23 04:42 . 2010-09-23 04:42 -------- d-----w- c:\program files\Windows Sidebar
2010-09-20 06:21 . 2010-09-20 06:21 503808 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\msvcp71.dll
2010-09-20 06:21 . 2010-09-20 06:21 499712 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\jmc.dll
2010-09-20 06:21 . 2010-09-20 06:21 348160 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\msvcr71.dll
2010-09-20 06:21 . 2010-09-20 06:21 61440 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6424b9dc-n\decora-sse.dll
2010-09-20 06:21 . 2010-09-20 06:21 12800 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6424b9dc-n\decora-d3d.dll
2010-09-20 06:21 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-20 06:07 . 2010-09-20 19:20 -------- d-----w- c:\documents and settings\Jaco\Application Data\DVD Flick
2010-09-20 06:07 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-09-20 06:07 . 2010-09-20 06:07 -------- d-----w- c:\program files\DVD Flick
2010-09-20 06:01 . 2010-09-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\Jaco\Application Data\Ashampoo
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\ashampoo
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-09-13 21:27 . 2010-09-13 21:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 06:58 . 2010-09-08 07:10 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 23:44 . 2007-03-14 20:51 82480 ----a-w- c:\documents and settings\Jaco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-10-04 10:22 . 2008-04-24 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-10-04 10:08 . 2008-04-24 02:17 -------- d-----w- c:\program files\Microsoft Works
2010-10-03 10:25 . 2010-04-19 17:41 -------- d-----w- c:\program files\Google
2010-10-03 10:25 . 2007-03-14 03:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-03 05:18 . 2007-06-23 12:23 -------- d-----w- c:\program files\Trend Micro
2010-10-01 08:59 . 2007-03-16 20:52 -------- d-----w- c:\program files\Java
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN129.tmp
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN128.tmp
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN127.tmp
2010-09-29 08:17 . 2010-07-18 05:31 -------- d-----w- c:\documents and settings\Jaco\Application Data\Skype
2010-09-29 08:00 . 2010-07-18 05:32 -------- d-----w- c:\documents and settings\Jaco\Application Data\skypePM
2010-09-27 01:45 . 2007-03-16 00:36 -------- d-----w- c:\documents and settings\Jaco\Application Data\Azureus
2010-09-20 06:41 . 2009-02-27 03:22 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-20 06:19 . 2009-02-27 03:23 -------- d-----w- c:\program files\NCH Software
2010-09-17 05:14 . 2010-07-18 05:30 -------- d-----r- c:\program files\Skype
2010-09-04 07:31 . 2010-04-21 15:58 4177856 ----a-w- c:\documents and settings\Jaco\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
2010-09-04 07:30 . 2010-08-21 00:15 -------- d-----w- c:\program files\iTunes
2010-09-04 07:29 . 2010-09-04 07:29 310208 ----a-w- c:\documents and settings\Jaco\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-04 07:28 . 2009-01-12 21:03 -------- d-----w- c:\program files\Vuze
2010-08-27 16:24 . 2010-08-27 16:24 63572 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-23 03:29 . 2010-08-23 03:29 55 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F3053EF74652448F98A5C45703106076\install.bat
2010-08-23 03:29 . 2010-08-23 03:29 323584 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F3053EF74652448F98A5C45703106076\lib\swt-win32-3232.dll
2010-08-21 00:22 . 2007-04-23 20:40 -------- d-----w- c:\documents and settings\Jaco\Application Data\Apple Computer
2010-08-21 00:16 . 2010-08-21 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 00:15 . 2010-08-21 00:15 -------- d-----w- c:\program files\iPod
2010-08-21 00:14 . 2009-03-16 17:11 -------- d-----w- c:\program files\QuickTime
2010-08-21 00:14 . 2007-04-03 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-21 00:13 . 2010-08-21 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-08-21 00:09 . 2009-01-07 05:15 -------- d-----w- c:\program files\Common Files\Apple
2010-08-17 13:17 . 2003-03-31 19:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2003-03-31 19:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-08-15 22:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 21:30 . 2010-07-21 21:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 05:32 . 2010-07-18 05:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-10-03_05.46.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-04-24 02:18 . 2008-11-10 16:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2008-04-24 02:18 . 2008-11-10 16:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
- 2007-03-14 21:37 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2007-03-14 21:37 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
+ 2003-03-31 19:00 . 2010-10-04 10:34 72786 c:\windows\system32\perfc009.dat
+ 2008-04-24 02:18 . 2008-11-10 16:41 32656 c:\windows\system32\msonpmon.dll
- 2006-11-08 02:03 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 08:26 . 2010-06-23 12:06 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 08:26 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe
- 2003-03-31 19:00 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll
+ 2007-03-14 20:42 . 2010-06-24 12:15 78336 c:\windows\system32\ieencode.dll
- 2007-03-14 20:42 . 2010-05-04 17:20 78336 c:\windows\system32\ieencode.dll
- 2003-03-31 19:00 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 19:00 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe
- 2003-03-31 19:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2003-03-31 19:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2006-10-17 16:58 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2007-01-04 13:36 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-05-08 22:42 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-08 22:42 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-08 22:42 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-08 22:42 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-11-07 08:26 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 08:26 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-06-29 16:12 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-29 16:12 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-11-07 08:26 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-29 16:12 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 17408 c:\windows\system32\corpol.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 17408 c:\windows\system32\corpol.dll
- 2008-04-24 02:18 . 2008-04-24 02:18 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 1999-04-06 14:55 . 1999-04-06 14:55 40960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-27 02:17 . 2006-10-27 02:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 20:11 . 2006-10-27 20:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2008-04-24 02:16 . 2008-04-24 02:16 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 12080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 64288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 19:05 . 2006-10-26 19:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-27 00:49 . 2006-10-27 00:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 01:09 . 2006-10-27 01:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2006-10-26 19:05 . 2006-10-26 19:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 12112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-27 01:24 . 2006-10-27 01:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 01:24 . 2006-10-27 01:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 00:59 . 2006-10-27 00:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 20:11 . 2006-10-27 20:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 11544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 12104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 20280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 00:58 . 2006-10-27 00:58 20776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPGIMME.DLL
+ 2006-10-27 20:26 . 2006-10-27 20:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 00:56 . 2006-10-27 00:56 67408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPUI.DLL
+ 2006-10-27 00:56 . 2006-10-27 00:56 32592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPMON.DLL
+ 2006-10-27 00:52 . 2006-10-27 00:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 20:01 . 2006-10-27 20:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 00:48 . 2006-10-27 00:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-27 00:52 . 2006-10-27 00:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-27 02:18 . 2006-10-27 02:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-27 02:41 . 2006-10-27 02:41 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INLAUNCH.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 35112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-27 05:47 . 2006-10-27 05:47 16688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 05:47 . 2006-10-27 05:47 22808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 05:47 . 2006-10-27 05:47 31016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-27 05:47 . 2006-10-27 05:47 33568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 20:37 . 2006-10-27 20:37 34088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 05:47 . 2006-10-27 05:47 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2008-04-24 02:16 . 2008-04-24 02:16 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 02:30 . 2006-10-27 02:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 02:18 . 2006-10-27 02:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2010-10-04 10:36 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2183461-IE7\pngfilt.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 52224 c:\windows\ie7updates\KB2183461-IE7\msfeedsbs.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 27648 c:\windows\ie7updates\KB2183461-IE7\jsproxy.dll
+ 2010-10-04 10:36 . 2010-05-04 12:39 13824 c:\windows\ie7updates\KB2183461-IE7\ieudinit.exe
+ 2010-10-04 10:36 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2183461-IE7\iernonce.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 78336 c:\windows\ie7updates\KB2183461-IE7\ieencode.dll
+ 2010-10-04 10:36 . 2010-05-04 12:39 70656 c:\windows\ie7updates\KB2183461-IE7\ie4uinit.exe
+ 2010-10-04 10:36 . 2010-05-04 17:20 63488 c:\windows\ie7updates\KB2183461-IE7\icardie.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 17408 c:\windows\ie7updates\KB2183461-IE7\corpol.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-10-04 10:35 . 2010-10-04 10:35 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-10-04 23:39 . 2010-10-04 23:39 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2010-10-04 10:09 . 2010-10-04 10:09 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2010-10-04 10:10 . 2010-10-04 10:10 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2010-10-04 10:09 . 2010-10-04 10:09 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-23 10:17 . 2010-06-23 10:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

Re: Infected with Bootkit Whistler

+ 2010-10-04 10:34 . 2010-10-04 10:34 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2003-03-31 19:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
+ 2003-03-31 19:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 832512 c:\windows\system32\wininet.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 832512 c:\windows\system32\wininet.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
+ 2003-03-31 19:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2003-03-31 19:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
+ 2008-04-24 02:18 . 2008-11-10 16:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2008-04-24 02:18 . 2008-11-10 16:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2003-03-31 19:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2003-03-31 19:00 . 2010-10-04 10:34 445580 c:\windows\system32\perfh009.dat
- 2003-03-31 19:00 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 477696 c:\windows\system32\mshtmled.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2010-06-24 12:15 459264 c:\windows\system32\msfeeds.dll
+ 2006-10-19 02:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2007-03-14 03:23 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2006-10-17 16:57 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 16:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
- 2003-03-31 19:00 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
+ 2003-03-31 19:00 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll
+ 2007-03-13 20:19 . 2010-10-04 10:29 294864 c:\windows\system32\FNTCACHE.DAT
- 2007-03-13 20:19 . 2010-10-01 01:31 294864 c:\windows\system32\FNTCACHE.DAT
+ 2007-03-14 20:42 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll
- 2007-03-14 20:42 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
+ 2003-03-31 19:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2007-01-04 13:37 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll
- 2007-01-04 13:37 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-11-08 02:03 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 02:03 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2006-10-17 17:05 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 17:05 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-11 02:57 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-10-17 17:04 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-08 22:42 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-08 22:42 . 2010-06-24 12:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2008-12-11 02:53 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2006-10-17 17:04 . 2010-06-17 15:12 634656 c:\windows\system32\dllcache\iexplore.exe
- 2006-10-17 17:04 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-08 22:42 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-08 22:42 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 08:27 . 2010-06-24 12:15 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:27 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-08 22:42 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-05-08 22:42 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2003-03-31 19:00 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2003-03-31 19:00 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:27 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:27 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:26 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 08:26 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-01-04 13:36 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 08:26 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-11-07 08:26 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
+ 2007-03-14 03:23 . 2010-06-14 14:31 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2007-03-14 03:23 . 2008-04-14 00:12 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
+ 2010-05-11 11:40 . 2010-05-11 11:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-10-04 09:16 . 2010-10-04 09:16 248832 c:\windows\Installer\7b28e4.msi
- 2008-04-24 02:13 . 2008-04-24 02:13 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-10-04 09:57 . 2010-10-04 09:57 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-10-26 19:05 . 2006-10-26 19:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2006-10-27 01:49 . 2006-10-27 01:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 20:23 . 2006-10-27 20:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 19:05 . 2006-10-26 19:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 20:21 . 2006-07-28 20:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 02:18 . 2006-10-27 02:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 01:06 . 2006-10-27 01:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 01:13 . 2006-10-27 01:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 02:42 . 2006-10-27 02:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-27 01:09 . 2006-10-27 01:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 01:09 . 2006-10-27 01:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 02:07 . 2006-10-27 02:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 02:30 . 2006-10-27 02:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-26 23:53 . 2006-07-26 23:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-26 18:58 . 2006-10-26 18:58 540008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORGCHART.EXE
+ 2006-10-27 01:23 . 2006-10-27 01:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 20:39 . 2006-10-27 20:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 01:32 . 2006-10-27 01:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 01:34 . 2006-10-27 01:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 01:34 . 2006-10-27 01:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 13:37 . 2006-10-20 13:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 01:06 . 2006-10-27 01:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 18:56 . 2006-10-26 18:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 00:50 . 2006-10-27 00:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 19:47 . 2006-10-26 19:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 18:56 . 2006-10-26 18:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 00:56 . 2006-10-27 00:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 19:59 . 2006-10-27 19:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 18:58 . 2006-10-26 18:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 18:58 . 2006-10-26 18:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 00:52 . 2006-10-27 00:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 00:58 . 2006-10-27 00:58 525664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIVWCTL.DLL
+ 2006-10-27 00:58 . 2006-10-27 00:58 274776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIINK.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-27 02:42 . 2006-10-27 02:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 05:48 . 2006-10-27 05:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2008-04-24 02:16 . 2008-04-24 02:16 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 20:09 . 2006-10-27 20:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-27 00:48 . 2006-10-27 00:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 00:48 . 2006-10-27 00:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 05:48 . 2006-10-27 05:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 01:12 . 2006-10-27 01:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 20:41 . 2006-10-27 20:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 20:40 . 2006-10-27 20:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 02:18 . 2006-10-27 02:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 00:49 . 2006-10-27 00:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2010-10-04 10:36 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2183461-IE7\wininet.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2183461-IE7\webcheck.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2183461-IE7\url.dll
+ 2010-10-04 10:36 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2183461-IE7\spuninst\updspapi.dll
+ 2010-10-04 10:36 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2183461-IE7\spuninst\spuninst.exe
+ 2010-10-04 10:36 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2183461-IE7\occache.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2183461-IE7\mstime.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2183461-IE7\msrating.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2183461-IE7\mshtmled.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2183461-IE7\msfeeds.dll
+ 2010-10-04 10:36 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2183461-IE7\iexplore.exe
+ 2010-10-04 10:36 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2183461-IE7\iertutil.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2183461-IE7\iepeers.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2183461-IE7\iedkcs32.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2183461-IE7\ieapfltr.dll
+ 2010-10-04 10:36 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2183461-IE7\ieakui.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2183461-IE7\ieaksie.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2183461-IE7\ieakeng.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2183461-IE7\extmgr.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2183461-IE7\dxtrans.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2183461-IE7\dxtmsft.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2183461-IE7\advpack.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll

Re: Infected with Bootkit Whistler

- 2010-06-23 10:17 . 2010-06-23 10:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-04 10:09 . 2010-10-04 10:09 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-04 10:09 . 2010-10-04 10:09 118176 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-10-04 10:08 . 2010-10-04 10:08 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2010-10-04 10:10 . 2010-10-04 10:10 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2010-10-04 10:08 . 2010-10-04 10:08 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2003-03-31 19:00 . 2010-06-23 13:44 1851904 c:\windows\system32\win32k.sys
+ 2003-03-31 19:00 . 2010-06-24 12:15 1168384 c:\windows\system32\urlmon.dll
- 2003-03-31 19:00 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
+ 2003-03-31 19:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
- 2003-03-31 19:00 . 2010-02-17 14:10 2189952 c:\windows\system32\ntoskrnl.exe
+ 2003-03-31 19:00 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
- 2002-08-29 01:04 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2002-08-29 01:04 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
- 2003-03-31 19:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2003-03-31 19:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2003-03-31 19:00 . 2010-06-24 12:15 3600896 c:\windows\system32\mshtml.dll
+ 2006-11-08 02:03 . 2010-06-24 12:15 6067200 c:\windows\system32\ieframe.dll
- 2006-11-08 02:03 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
+ 2008-11-21 04:06 . 2008-11-21 04:06 1194848 c:\windows\system32\FM20.DLL
+ 2008-12-11 02:55 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
- 2007-01-25 12:48 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2007-01-25 12:48 . 2010-06-24 12:15 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-12-11 02:54 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-12-11 02:54 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-12-11 02:54 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-12-11 02:54 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-12-11 02:54 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-12-11 02:54 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-12-11 02:54 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-12-11 02:54 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-12-11 02:53 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-12-11 02:53 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-01-04 13:36 . 2010-06-24 12:15 3600896 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-11 11:42 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2010-03-11 11:42 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2007-05-08 22:42 . 2010-06-24 12:15 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2007-05-08 22:42 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-02-26 00:08 . 2009-02-26 00:08 8311808 c:\windows\Installer\a81673.msp
+ 2009-04-04 22:10 . 2009-04-04 22:10 1282560 c:\windows\Installer\a8165c.msp
+ 2009-04-04 22:10 . 2009-04-04 22:10 7888384 c:\windows\Installer\a81653.msp
+ 2009-04-04 22:10 . 2009-04-04 22:10 9926144 c:\windows\Installer\a81648.msp
+ 2009-04-04 15:14 . 2009-04-04 15:14 1094656 c:\windows\Installer\a81465.msp
+ 2010-08-19 22:57 . 2010-08-19 22:57 3395584 c:\windows\Installer\a81458.msp
+ 2008-04-24 02:18 . 2010-10-04 10:22 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-24 02:18 . 2008-04-24 02:18 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-04-24 02:18 . 2010-10-04 10:22 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-26 19:05 . 2006-10-26 19:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 20:11 . 2006-10-27 20:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 03:58 . 2006-10-27 03:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 04:00 . 2006-10-27 04:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 05:42 . 2006-09-30 05:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 19:57 . 2006-10-27 19:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 00:52 . 2006-10-27 00:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 20:04 . 2006-10-27 20:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 21:25 . 2006-09-15 21:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 01:07 . 2006-10-27 01:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 20:03 . 2006-10-27 20:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 01:24 . 2006-10-27 01:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 20:03 . 2006-10-27 20:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 20:16 . 2006-10-27 20:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 20:18 . 2006-10-27 20:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 01:14 . 2006-10-27 01:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 19:47 . 2006-10-26 19:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 20:04 . 2006-10-27 20:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 00:58 . 2006-10-27 00:58 1057632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPCORE.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 20:10 . 2006-10-27 20:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 20:10 . 2006-10-27 20:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 20:10 . 2006-10-27 20:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 20:37 . 2006-10-27 20:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 20:38 . 2006-10-27 20:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 2210608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 20:38 . 2006-10-27 20:38 7053096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 05:48 . 2006-10-27 05:48 1555232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 3071288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 1359648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 20:38 . 2006-10-27 20:38 3508544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 20:37 . 2006-10-27 20:37 2689336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 20:38 . 2006-10-27 20:38 6191400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 01:02 . 2006-10-27 01:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 00:21 . 2006-10-27 00:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-26 19:10 . 2006-10-26 19:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2008-04-24 02:16 . 2008-04-24 02:16 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 00:49 . 2006-10-27 00:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2010-10-04 10:36 . 2010-05-04 17:20 1168384 c:\windows\ie7updates\KB2183461-IE7\urlmon.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 3600384 c:\windows\ie7updates\KB2183461-IE7\mshtml.dll
+ 2010-10-04 10:36 . 2010-05-04 17:20 6067200 c:\windows\ie7updates\KB2183461-IE7\ieframe.dll
- 2008-12-11 02:54 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-12-11 02:54 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-12-11 02:54 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-12-11 02:54 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-12-11 02:54 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-12-11 02:54 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-12-11 02:54 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-12-11 02:54 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-04 10:36 . 2010-10-04 10:36 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-10-04 10:35 . 2010-10-04 10:35 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-10-04 10:35 . 2010-10-04 10:35 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-04 10:33 . 2010-10-04 10:33 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-23 10:17 . 2010-06-23 10:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-04 10:34 . 2010-10-04 10:34 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-04 10:09 . 2010-10-04 10:09 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2007-03-14 21:33 . 2010-09-10 19:34 35552200 c:\windows\system32\MRT.exe
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\a81675.msp
+ 2009-04-04 22:09 . 2009-04-04 22:09 15190016 c:\windows\Installer\a81487.msp
+ 2009-04-04 16:36 . 2009-04-04 16:36 21390848 c:\windows\Installer\a81466.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\2bc18.msp
+ 2006-10-27 02:13 . 2006-10-27 02:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 20:23 . 2006-10-27 20:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 20:14 . 2006-10-27 20:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 20:26 . 2006-10-27 20:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 20:01 . 2006-10-27 20:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 20:07 . 2006-10-27 20:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2010-10-04 10:40 . 2010-10-04 10:40 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-04 10:40 . 2010-10-04 10:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-10-04 10:39 . 2010-10-04 10:39 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-10-04 10:38 . 2010-10-04 10:38 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-10-04 10:35 . 2010-10-04 10:35 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\a8163c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 17:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 16:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
2007-08-29 21:16 1662976 ----a-w- c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
2006-11-28 21:52 53248 ----a-w- c:\program files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 09:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-09-21 09:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 08:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"CCALib8"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"YahooAUService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"d:\\Program Files\\TeamViewer3\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57441:TCP"= 57441:TCP:Pando Media Booster
"57441:UDP"= 57441:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6895:TCP"= 6895:TCP:League of Legends Launcher
"6895:UDP"= 6895:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/7/2007 11:59 AM 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2010 3:06 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2010 3:06 AM 17744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/10/2008 9:48 PM 57376]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 12:41 PM 136176]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [12/10/2008 9:48 PM 547744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [12/10/2008 9:48 PM 352338]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [11/19/2007 9:23 AM 32000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2007 6:22 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2008-12-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4206817551.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004Core.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004UA.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jaco\Application Data\Mozilla\Firefox\Profiles\ol583pcy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10e.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-04 18:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-04 18:53:42
ComboFix-quarantined-files.txt 2010-10-04 23:53
ComboFix2.txt 2010-10-04 04:26
ComboFix3.txt 2010-10-03 05:52

Pre-Run: 261,153,210,368 bytes free
Post-Run: 261,126,496,256 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2EF3E934CFA1091A1C4FFE736C0AF3CF

Re: Infected with Bootkit Whistler

Hello.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.

Re: Infected with Bootkit Whistler

Here is the log from bootkit remover:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Re: Infected with Bootkit Whistler

Hello

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Infected with Bootkit Whistler

I couldn't open it in Internet Explorer, because I guess I have (Internet Explorer with no add-ons) or something, which prevented ESET from opening. If it's necessary to run it in Internet Explorer, maybe you could tell me how I could fix that. But for now, I just ran it using Mozilla Firefox.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=74c0594d2f1d7443a722e7b2b6f0cd1a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-05 02:52:16
# local_time=2010-10-05 09:52:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=254190
# found=3
# cleaned=3
# scan_time=7630
C:\Qoobox\Quarantine\C\WINDOWS\cleanmgr.exe.vir a variant of Win32/Kryptik.HEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{346E9D76-3B9E-4105-9AFE-2245FA8B62DA}\RP673\A0195465.exe a variant of Win32/Kryptik.HEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{346E9D76-3B9E-4105-9AFE-2245FA8B62DA}\RP677\A0197808.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Infected with Bootkit Whistler

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

How is the machine running now?
