Solved Win32:Inject=XP[trj]

+ 2006-02-28 12:00 . 2010-02-16 13:19 2181376 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2010-02-16 12:39 2058368 c:\windows\system32\ntkrnlpa.exe
+ 2009-08-19 22:07 . 2009-08-19 22:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2006-02-28 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 3065344 c:\windows\system32\mshtml.dll
+ 2006-02-28 12:00 . 2010-04-08 18:53 2113536 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-02-28 12:00 . 2010-02-16 12:27 4734976 c:\windows\system32\dllcache\wmp.dll
+ 2006-02-28 12:00 . 2008-06-10 23:18 1053696 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2006-02-28 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-28 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 1506304 c:\windows\system32\dllcache\shdocvw.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 1435648 c:\windows\system32\dllcache\query.dll
+ 2006-02-28 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
+ 2006-02-28 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-02-28 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-07-30 14:32 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 3065344 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-30 14:33 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2008-07-30 14:33 . 2006-02-28 12:00 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2006-02-28 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\danim.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 1023488 c:\windows\system32\browseui.dll
+ 2008-12-06 00:35 . 2008-12-06 00:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-12-13 14:57 . 2008-12-13 14:57 8397824 c:\windows\Installer\4f3ea9.msp
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\4f3e80.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\4f3e48.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\4f3e47.msp
+ 2010-10-07 12:01 . 2010-10-07 12:01 1094656 c:\windows\Installer\3145f84.msi
+ 2010-10-06 16:52 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-10-06 16:52 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-10-06 16:52 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-10-06 16:52 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-06 21:23 . 2010-10-06 21:23 4468736 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_fc651a47\vjslib.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ef163c60\System.dll
+ 2010-10-06 21:20 . 2010-10-06 21:20 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_88e303dd\System.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f126bd20\System.Xml.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_66563327\System.Xml.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c2e2a093\System.Windows.Forms.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c13fa229\System.Windows.Forms.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8d35562b\System.Drawing.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d11b5020\System.Design.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ae288225\System.Design.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a95f7875\mscorlib.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7bfbaf58\mscorlib.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-10-06 21:32 . 2010-10-06 21:32 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-10-06 21:32 . 2010-10-06 21:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-10-06 21:32 . 2010-10-06 21:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-10-06 21:27 . 2010-10-06 21:27 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-10-06 21:27 . 2010-10-06 21:27 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 2855424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7f7c82f3b1be95a82438bb1127c7cc5a\Microsoft.Windows.Design.Developer.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 3152384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3b8d73fee66ae4b0165add0e2c223c91\Microsoft.Windows.Design.Markup.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 2383360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e56be6c9d9a709c552beb85ba9fd0cd3\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1824768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c7067c25223845e7ed2111569697237b\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1167872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c5cf4570c072cafe918d84721e6017d1\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 6605312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bc03aff5560a30151500b127b08f7661\Microsoft.VisualStudio.Editors.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 2181632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\aec1fba09f942d122f49bd6d0446bc07\Microsoft.VisualStudio.Modeling.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 1181696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a25719e81ffbd7374e6269feca52e7e8\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 3254272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\92191448cc8de9fbc310bd66f911f89c\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1873920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\675a318b9578a421e82d102eb2b3c1a1\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1362432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5aa967679e1bd942d9304fe66f827df8\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1515008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\57b4974d90892019ad4684002bb71aae\Microsoft.VisualStudio.Modeling.Sdk.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1338880 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4e1473e326094543113428145cb51742\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 3378688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3e1617a23f81f1195f64a22aea10ff18\Microsoft.VisualStudio.Xaml.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1007104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2ee3a270551a8e718719f3a037dbecd2\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1443328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2cfd52ab1f3d780dc19524d52dba362c\Microsoft.VisualStudio.Design.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 2354176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\15be3cf890c9f6a3b7262586e0829d84\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 4121088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0d13b92463920d370351b6d124583048\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 6115328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a3e450cf765d3c17530fd5b47070e8b2\Microsoft.SqlServer.Smo.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 1488384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\96d4c5fa5939a72d15028b4b94c5ce47\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 1125888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\82a392d4493aa0bf235199b9b9a1a8e2\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-10-06 21:13 . 2010-10-06 21:13 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
 
+ 2010-10-06 21:23 . 2010-10-06 21:23 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-06 21:17 . 2010-10-06 21:17 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2008-11-24 15:58 . 2008-11-24 15:58 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-06 21:06 . 2010-10-06 21:06 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-06 21:13 . 2010-10-06 21:13 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-11-24 15:57 . 2008-11-24 15:57 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-10-06 21:13 . 2010-10-06 21:13 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 21:19 . 2010-10-06 21:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-10-06 21:19 . 2010-10-06 21:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\4f3ef0.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\4f3ed9.msp
+ 2008-12-13 15:21 . 2008-12-13 15:21 10473472 c:\windows\Installer\4f3eb2.msp
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\4f3e8e.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\4f3e58.msp
+ 2010-10-06 21:26 . 2010-10-06 21:26 12165120 c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_c281f83d\vjslib.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-10-06 21:27 . 2010-10-06 21:27 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-06-01 1106562]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2006-06-01 1827640]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-06-01 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 51984]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"69:UDP"= 69:UDP:TFTPD32

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/1/2010 6:33 AM 114768]
R1 vcdrom;Virtual CD-ROM Device Driver;e:\vs_2008_proj\sp1\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/1/2010 6:33 AM 20560]
R3 PslIGvFilter;Prosilica GigE Filter Service;c:\windows\system32\drivers\psligvfilter.sys [7/31/2008 7:19 AM 26752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:03 AM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 02:36]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:03]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:03]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-630328440-682003330-1003Core.job
- c:\documents and settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 14:58]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-630328440-682003330-1003UA.job
- c:\documents and settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxps://intranet.argonst.com/org/OrgPubX.cab
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\al\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-10-07 09:08:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-07 14:08
ComboFix2.txt 2010-10-06 16:50

Pre-Run: 82,082,578,432 bytes free
Post-Run: 82,085,920,768 bytes free

- - End Of File - - 453DCBAE5D3766419338F7020DDD1F6F
 
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.GXQ trojan
C:\System Volume Information\_restore{C68D029C-1818-433E-99E8-26F8520DAEF1}\RP1\A0002410.exe a variant of Win32/Kryptik.GXQ trojan
C:\System Volume Information\_restore{C68D029C-1818-433E-99E8-26F8520DAEF1}\RP1\A0002515.exe probably unknown NewHeur_PE virus
C:\_OTM\MovedFiles\10062010_143216\C_diff\ahs\console\charSet\Debug\charSet.exe probably unknown NewHeur_PE virus
C:\_OTM\MovedFiles\10062010_143216\C_diff\ahs_roll\console\charSet\Debug\charSet.exe probably unknown NewHeur_PE virus
C:\_OTM\MovedFiles\10062010_143216\C_Documents and Settings\al\Desktop\EudoraSave\Eudora Pro\Trash.mbx HTML/TrojanClicker.IFrame.NAG trojan
C:\_OTM\MovedFiles\10062010_143216\C_Program Files\Qualcomm\Eudora Pro\trashold.mbx HTML/TrojanClicker.IFrame.NAG trojan


FYI charSet.exe is a 20 line Visual Studio utility program written in-house in C. I have submitted it to VirScan and it found no problems.
 
Sorry you caught one of the lengthy 'Snapshot' entries in ComboFix!

The charset entries I put in OTMoveIt showed infected in the Eset scan:
C:\diff\ahs\console\charSet\Debug\charSet.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\diff\ahs_roll\console\charSet\Debug\charSet.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I


Once you ran OTM, those infected files were quarantined. So if you submitted another charset file for identification and it came back clean, I would think we removed the infected parts. Do you feel that was in error? When I sent you for the scans, it wasn't for charset - it was for the Ramnit malware.

Combofix looks good and there are no new entries in Eset. Does any of the original problem remain?
 
The charSet I submitted to VirScan was from another machine where it also failed ESET. That machine has not been cleaned. I believe it is a false positive.

I have only used the infected machine a little since it has been tied up testing. So far I am no longer seeing web redirections but I am seeing sites that are not found. Mostly or maybe all sites not found are those that ask for a login. For example, I can go to Yahoo groups but when/if it asks me to login I get an immediate page indicating the site is not available. No thinking or looking for the page, just an immediate page presented. It's the familiar looking page. I can snapshot it if needed. Same result if I use an existing bookmark or type in the URL.

I'm also having a problem with email, maybe unrelated but it started about the same time. Some emails never arrive, sometimes I get messages back saying they have been delayed. This happens whether I use Eudora locally or if I go online to my ISP mail server and send from there. My ISP has checked my outgoing emails and says they are clean.
 
Al, the logon page problems sound more like system settings- or possible temporary problem with specific site. I need more info to deal with that. Is it always the same sites?
Mostly or maybe all sites not found are those that ask for a login.
These would be for secure pages, yes? Check in Internet Options> Advanced tab> Security section and make sure all three socket layers are checked:
SSL 2.0
SSL 3.0
TLS 1.0

IF they are not, check them> Then Apply> OK.

A delay in email is usually a server problem.

If you think the charset entries were False Positive, use it again with internet connection, then run Eset again. We'll see what comes back.
 
Al, the logon page problems sound more like system settings- or possible temporary problem with specific site. I need more info to deal with that. Is it always the same sites?

These would be for secure pages, yes? Check in Internet Options> Advanced tab> Security section and make sure all three socket layers are checked:
SSL 2.0
SSL 3.0
TLS 1.0
IF they are not, check them> Then Apply> OK.

A delay in email is usually a server problem.


OK, set those. Not seeing any problems this morning. I agree the delayed email is likely elsewhere. Not knowing what might be important, I just want you to have all the details.

If you think the charset entries were False Positive, use it again with internet connection, then run Eset again. We'll see what comes back.

Not clear what you mean here. Use what again with internet connection?

Here's what I've done with charset.exe:
I ran ESET on another machine on our network. It reported a problem with charset.exe. I submitted that untouched (by our recent cleanup effort) version of charset.exe from that machine to VirScan and it was reported clean.
 
You're welcome. Now you can remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
 