Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDBDD.tmp\PresentationFramework.dll **HIDDEN**


  • Please log in to reply
13 replies to this topic

#1 Miroku16

Miroku16

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 10 January 2013 - 12:27 PM

Okay, so I found a file when I ran a scan with aswMBR. It was the following log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2013-01-10 11:58:31
-----------------------------
11:58:31.119 OS Version: Windows x64 6.1.7601 Service Pack 1
11:58:31.119 Number of processors: 4 586 0x2505
11:58:31.119 ComputerName: BOOT-PC UserName: Boot
11:58:36.095 Initialize success
11:58:36.376 AVAST engine defs: 13011000
11:58:40.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:58:40.728 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
11:58:40.775 Disk 0 MBR read successfully
11:58:40.775 Disk 0 MBR scan
11:58:40.775 Disk 0 unknown MBR code
11:58:40.806 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:58:40.837 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 586853 MB offset 409600
11:58:40.869 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 23323 MB offset 1202284544
11:58:40.931 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
11:58:41.025 Disk 0 scanning C:\Windows\system32\drivers
11:59:13.098 Service scanning
12:00:37.073 Modules scanning
12:00:37.073 Disk 0 trace - called modules:
12:00:37.089 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
12:00:37.104 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80088e2060]
12:00:37.104 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80069e5b10]
12:00:37.104 5 hpdskflt.sys[fffff88001da7189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006870050]
12:00:38.618 AVAST engine scan C:\Windows
12:00:45.341 AVAST engine scan C:\Windows\system32
12:04:46.987 File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDBDD.tmp\PresentationFramework.dll **HIDDEN**
12:04:48.968 AVAST engine scan C:\Windows\system32\drivers
12:05:15.145 AVAST engine scan C:\Users\Boot
12:18:05.134 AVAST engine scan C:\ProgramData
12:22:06.405 Scan finished successfully
12:22:23.456 Disk 0 MBR has been saved successfully to "C:\Users\Boot\Desktop\MBR.dat"
12:22:23.456 The log file has been saved successfully to "C:\Users\Boot\Desktop\aswMBR10.txt"


This was the file:
File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDBDD.tmp\PresentationFramework.dll **HIDDEN**

What does this file mean? How serious is it?

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 10 January 2013 - 06:28 PM

Nothing to worry about.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#3 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 10 January 2013 - 06:39 PM

why not? what does this reading mean?

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 10 January 2013 - 06:59 PM

Upload that file here: https://www.virustotal.com/ for security check.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#5 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 10 January 2013 - 07:12 PM

I cannot locate it. I can only make it to assembly folder, but can't find NativeImages and so forth. I did search my computer and got to the temp part. But I could not locate the ZAPDBDD file. I believe it's hidden, like aswMBR said. How can I upload something to the scanner that I cannot physically find?

Edited by Miroku16, 10 January 2013 - 07:17 PM.


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 10 January 2013 - 07:17 PM

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#7 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 10 January 2013 - 07:34 PM

I can't find the file using the browse option on virus total. It's no where to be found, even after the changes I made with windows explorer. I can't even locate NativeImages after I open assembly. what is this thing and why can't I easily find it?

Edited by Miroku16, 10 January 2013 - 07:40 PM.


#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 10 January 2013 - 08:41 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    PresentationFramework.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#9 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 10 January 2013 - 09:20 PM

here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:17 on 10/01/2013 by Boot
Administrator - Elevation successful

========== filefind ==========

Searching for "PresentationFramework.dll"
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll --a---- 4640768 bytes [04:05 07/08/2012] [23:29 10/02/2012] 8FD9AC63624F3F2DFFD8C44AE34B8945
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll --a---- 5283840 bytes [04:05 07/08/2012] [23:31 10/02/2012] 530DFD580E4C341B267ED4E2A56B8233
C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll --a---- 5283840 bytes [04:05 07/08/2012] [23:31 10/02/2012] 530DFD580E4C341B267ED4E2A56B8233
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll --a---- 6429816 bytes [15:01 10/01/2013] [15:01 10/01/2013] 1FD88B4A7F6B637E0949B6C238206671
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll --a---- 6429816 bytes [13:38 10/09/2012] [13:38 10/09/2012] 1FD88B4A7F6B637E0949B6C238206671
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll --a---- 6429816 bytes [13:38 10/09/2012] [13:38 10/09/2012] 1FD88B4A7F6B637E0949B6C238206671
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16385_none_ca7b4dad6fa76e50\PresentationFramework.dll --a---- 4636672 bytes [01:01 14/07/2009] [20:30 10/06/2009] 7BB77434F082876EDBD17DA3758D6AD3
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16542_none_caa3904b6f89acd5\PresentationFramework.dll --a---- 4636672 bytes [19:36 14/01/2011] [23:23 02/03/2010] 5C0151B515E78DDF63C0E4622D39F947
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16991_none_ca6c87fd6fb313cf\PresentationFramework.dll --a---- 4636672 bytes [04:41 12/05/2012] [00:45 06/04/2012] 58179B33941E5F5578B97A157895E0DA
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16992_none_ca6d88476fb22d26\PresentationFramework.dll --a---- 4636672 bytes [04:41 12/05/2012] [00:45 06/04/2012] 58179B33941E5F5578B97A157895E0DA
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.20658_none_cb285ee688aa009a\PresentationFramework.dll --a---- 4636672 bytes [19:36 14/01/2011] [23:25 01/03/2010] 73043068C5C1BD8534A996AEB54645AA
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.21182_none_cb01cd2088c7e441\PresentationFramework.dll --a---- 4640768 bytes [04:41 12/05/2012] [00:45 06/04/2012] 78B82A6E8288EBC4443F762DF0DA3079
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7600.21183_none_cb02cd6a88c6fd98\PresentationFramework.dll --a---- 4640768 bytes [04:41 12/05/2012] [00:45 06/04/2012] 78B82A6E8288EBC4443F762DF0DA3079
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7601.17514_none_ccac61756c95f1ea\PresentationFramework.dll --a---- 4636672 bytes [17:37 07/07/2011] [01:52 05/11/2010] A31008533A85FB54C0C7C4D50EE523D2
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7601.17755_none_cc8225db6cb57553\PresentationFramework.dll --a---- 4640768 bytes [04:06 07/08/2012] [03:34 04/01/2012] C6DEBEDA0266689736C3EF71EE77AB9F
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7601.17777_none_cc6e86976cc3dfe3\PresentationFramework.dll --a---- 4640768 bytes [04:05 07/08/2012] [23:29 10/02/2012] 8FD9AC63624F3F2DFFD8C44AE34B8945
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7601.21890_none_ccdb818485f8062e\PresentationFramework.dll --a---- 4640768 bytes [04:06 07/08/2012] [02:50 04/01/2012] A2D8A4C453BD81A0D4E5D8F87AA685BC
C:\Windows\winsxs\amd64_wpf-presentationframework_31bf3856ad364e35_6.1.7601.21921_none_cd28332885be5915\PresentationFramework.dll --a---- 4640768 bytes [04:05 07/08/2012] [23:30 10/02/2012] 8A3FC41AB2ED2B69DA389769FAF831DF
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.16385_none_768dec28555050e9\PresentationFramework.dll --a---- 5279744 bytes [00:35 14/07/2009] [21:14 10/06/2009] 971DD5F840C5DBCB1076D00AA97550B6
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.16542_none_76b62ec655328f6e\PresentationFramework.dll --a---- 5279744 bytes [19:36 14/01/2011] [23:24 02/03/2010] 12524C6A4C871CA58626F0672BF02E03
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.16991_none_767f2678555bf668\PresentationFramework.dll --a---- 5279744 bytes [04:41 12/05/2012] [00:49 06/04/2012] 01D7FAC887DACE2CAD7ABD80B2F663C9
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.16992_none_768026c2555b0fbf\PresentationFramework.dll --a---- 5279744 bytes [04:41 12/05/2012] [00:49 06/04/2012] 01D7FAC887DACE2CAD7ABD80B2F663C9
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.20658_none_773afd616e52e333\PresentationFramework.dll --a---- 5279744 bytes [19:36 14/01/2011] [23:26 01/03/2010] 8DFC680C3DD13900C954F0DD998000DE
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.21182_none_77146b9b6e70c6da\PresentationFramework.dll --a---- 5283840 bytes [04:41 12/05/2012] [00:47 06/04/2012] D758920125962491DBED7FD9A1DE18AC
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.21183_none_77156be56e6fe031\PresentationFramework.dll --a---- 5283840 bytes [04:41 12/05/2012] [00:47 06/04/2012] D758920125962491DBED7FD9A1DE18AC
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.17514_none_78befff0523ed483\PresentationFramework.dll --a---- 5279744 bytes [17:37 07/07/2011] [01:53 05/11/2010] 1D362AE9606BF7D4E3342EB7F7671CD0
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.17755_none_7894c456525e57ec\PresentationFramework.dll --a---- 5283840 bytes [04:06 07/08/2012] [02:50 04/01/2012] 6B857080D99F02EDD1540B4AF5D35598
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.17777_none_78812512526cc27c\PresentationFramework.dll --a---- 5283840 bytes [04:05 07/08/2012] [23:31 10/02/2012] 530DFD580E4C341B267ED4E2A56B8233
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.21890_none_78ee1fff6ba0e8c7\PresentationFramework.dll --a---- 5283840 bytes [04:06 07/08/2012] [02:50 04/01/2012] A2DE654C98563C2CFC411BC7ED28FC34
C:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7601.21921_none_793ad1a36b673bae\PresentationFramework.dll --a---- 5283840 bytes [04:05 07/08/2012] [23:30 10/02/2012] 055564C29444F5C8FFAF725940E14E6F
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16385_none_6e5cb229b749fd1a\PresentationFramework.dll --a---- 5279744 bytes [00:35 14/07/2009] [21:14 10/06/2009] 971DD5F840C5DBCB1076D00AA97550B6
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16542_none_6e84f4c7b72c3b9f\PresentationFramework.dll --a---- 5279744 bytes [19:36 14/01/2011] [23:24 02/03/2010] 12524C6A4C871CA58626F0672BF02E03
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16991_none_6e4dec79b755a299\PresentationFramework.dll --a---- 5279744 bytes [04:41 12/05/2012] [00:49 06/04/2012] 01D7FAC887DACE2CAD7ABD80B2F663C9
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.16992_none_6e4eecc3b754bbf0\PresentationFramework.dll --a---- 5279744 bytes [04:41 12/05/2012] [00:49 06/04/2012] 01D7FAC887DACE2CAD7ABD80B2F663C9
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.20658_none_6f09c362d04c8f64\PresentationFramework.dll --a---- 5279744 bytes [19:36 14/01/2011] [23:26 01/03/2010] 8DFC680C3DD13900C954F0DD998000DE
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.21182_none_6ee3319cd06a730b\PresentationFramework.dll --a---- 5283840 bytes [04:41 12/05/2012] [00:47 06/04/2012] D758920125962491DBED7FD9A1DE18AC
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7600.21183_none_6ee431e6d0698c62\PresentationFramework.dll --a---- 5283840 bytes [04:41 12/05/2012] [00:47 06/04/2012] D758920125962491DBED7FD9A1DE18AC
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7601.17514_none_708dc5f1b43880b4\PresentationFramework.dll --a---- 5279744 bytes [17:37 07/07/2011] [01:53 05/11/2010] 1D362AE9606BF7D4E3342EB7F7671CD0
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7601.17755_none_70638a57b458041d\PresentationFramework.dll --a---- 5283840 bytes [04:06 07/08/2012] [02:50 04/01/2012] 6B857080D99F02EDD1540B4AF5D35598
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7601.17777_none_704feb13b4666ead\PresentationFramework.dll --a---- 5283840 bytes [04:05 07/08/2012] [23:31 10/02/2012] 530DFD580E4C341B267ED4E2A56B8233
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7601.21890_none_70bce600cd9a94f8\PresentationFramework.dll --a---- 5283840 bytes [04:06 07/08/2012] [02:50 04/01/2012] A2DE654C98563C2CFC411BC7ED28FC34
C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.1.7601.21921_none_710997a4cd60e7df\PresentationFramework.dll --a---- 5283840 bytes [04:05 07/08/2012] [23:30 10/02/2012] 055564C29444F5C8FFAF725940E14E6F

-= EOF =-

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 10 January 2013 - 09:40 PM

The file in question is not there anymore.
It was listed in "temp" folder so there is a good chance Windows got rid of it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#11 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 10 January 2013 - 10:05 PM

Oh, okay. So, should I not worry about it anymore?

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 10 January 2013 - 10:06 PM

If the computer is not acting up you should be good to go.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#13 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 11 January 2013 - 10:01 PM

Okay, sounds good. Thank you.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 34,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:57 AM

Posted 11 January 2013 - 10:18 PM

Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif







0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users