Firefox hijacked by "Personal Antivirus" popup


  • This topic is locked
2 replies to this topic

#1 shearerp

Posted 13 September 2009 - 04:35 PM

Every few days, while browsing in Firefox, I will load a new page and shortly thereafter a popup text box appears with the following text [verbatim]:

"Warning!!! Your system requires immediate anti-viruses scan! Personal Antivirus can perform fast and free virus and malicious software scan of your computer ."

Then there's an OK button, a cancel button, and an X button in the upper right corner. Clicking any one of these buttons causes a fake virus scan page to appear. This page looks and acts like a virus scanner which is finding worms and security threats on my computer. Sometimes if I'm too slow to close the window, a download popup appears from Windows saying that I have asked to download a certain .exe file [the malware payload I presume], and do I want to run it or save it? I have always closed this window by clicking the corner X and without saving or running the file.

I understand it's normal that if you go into the "wrong neighborhood" of the web, you may find malicious sites like this. The problem is, I get these popups right after loading webpages for articles from nytimes.com. This leads me to suspect that the problem is on my side, since I don't think nytimes is malicious or hijacked by malicious elements.

Before posting this, I followed the instructions in the stickied post, "Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools, Instructions for receiving help in cleaning your computer". The DDS log is posted below and the attach.txt file generated by DDS is attached. I also attempted to use several other cleaning tools from trustworthy sources, and the results are posted below.

RootRepeal
I attempted to run RootRepeal, but errors occurred at several stages. First, immediately upon opening the program, I received several errors related to "IO": these are attached in rrlog1.txt. Then I continued following the instructions in the Preparation Guide, clicking "reports", then "scan", then checking that I want to scan all items listed. After clicking OK, the program gives me error dialog boxes saying

Box 1: "Could not initialize the driver! Please contact the author!"
Box 2: "Error dumping SSDT 0xc0000024"

Then Vista says that RootRepeal has stopped working, and it closes.

I then tried to run RootRepeal by scanning only one of the several types of scannable objects at a time. The results included the following information, among other things:

- SSDT box checked:
SYSENTER/INT2E Hooked [0x81c45f50]!
- Shadow SSDT box checked:
Program crashes, no logs or output visible
- others: I sometimes get a DeviceIOcontrol error, and sometimes RootRepeal gives a log file describing why it couldn't do the scan. RootRepeal logs describing these errors are attached; files are of the form rrlog<type>.txt. [rrlogOnOpen.txt is the error that appears upon opening of the program.]

RootKit Unhooker
I searched for "SYSENTER/INT2E" in Google and I found a forum conversation recommending a program called Rootkit Unhooker. I downloaded Rootkit Unhooker 3.7.300.509 from SoftPedia via the following link:

http://www.softpedia.com/progDownload/Root...load-61519.html

When I try to run Rootkit Unhooker in normal mode by clicking on its icon in the start menu, I get the following messages:

"Failed to enable debug privilege, not critical issue"
"Error, load driver privilege not adjusted"

and the program exits.

Finally, when I try to run Rootkit Unhooker in console mode, I run "check" before running the program, and the program replies

"Parasite detected!
Parasite type: Unknown remote thread
Thread ID: 1008
Priority: 8
Detected parasites count: 1"

Then I try to run it with the "start" option, and the same errors that occurred after starting normal mode happen again.

SSM
I tried to use a program called System Safety Monitor that I downloaded from CNet:
http://download.cnet.com/System-Safety-Mon...4-10556556.html
but all it did when I installed+opened it was display "driver was not found. please reinstall the application."

GMER
I ran a GMER file scan and attached the log here.






DDSLOG
DDS (Ver_09-07-30.01) - NTFSx86
Run by Paul at 14:17:47.99 on Sun 09/13/2009
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3071.1325 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Paul\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paul\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BitTorrent DNA] "c:\users\paul\program files\dna\btdna.exe"
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - hxxp://sumovolleyball.com/activex/web665.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {5ECA3469-D1D8-4DF3-A929-A4C890C9B9AE} = 68.87.77.130,68.87.72.130
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\78uvm0ca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\users\paul\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\paul\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-13 38224]
R3 rt61x86;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2007-9-28 316928]
S2 gupdate1c911072dfedb7e;Google Update Service (gupdate1c911072dfedb7e);c:\program files\google\update\GoogleUpdate.exe [2008-9-7 133104]

=============== Created Last 30 ================

2009-09-13 13:59 <DIR> --d----- c:\program files\Trend Micro
2009-09-13 13:53 <DIR> --d----- c:\users\paul\appdata\roaming\Malwarebytes
2009-09-13 13:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 13:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-13 13:53 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-13 13:53 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-13 13:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 13:49 <DIR> --d----- c:\users\paul\.housecall6.6
2009-09-09 16:13 1,657,350 a------- c:\windows\system32\wlan.tmf
2009-09-02 18:35 1,686,528 a------- c:\windows\system32\gameux.dll
2009-09-02 18:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 18:34 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-30 17:47 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-30 17:47 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-30 17:46 <DIR> --d----- c:\program files\iPod
2009-08-30 17:46 <DIR> --d----- c:\program files\iTunes
2009-08-30 17:18 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-26 03:02 2,048 a------- c:\windows\system32\tzres.dll
2009-08-19 00:40 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-19 00:40 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-19 00:40 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-19 00:40 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-19 00:40 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-19 00:40 11,264 a------- c:\windows\system32\icardres.dll
2009-08-19 00:40 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-19 00:39 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-19 00:37 56,819,712 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-19 00:37 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-19 00:37 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-19 00:29 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-19 00:29 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-19 00:29 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-19 00:28 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-19 00:27 83,968 a------- c:\windows\system32\mscories.dll
2009-08-19 00:21 71,680 a------- c:\windows\system32\atl.dll
2009-08-19 00:21 156,160 a------- c:\windows\system32\wkssvc.dll
2009-08-19 00:21 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-19 00:21 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-19 00:21 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-19 00:21 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-19 00:21 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-08-19 00:21 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-19 00:21 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-19 00:21 88,576 a------- c:\windows\system32\avifil32.dll
2009-08-19 00:20 123,904 a------- c:\windows\system32\msvfw32.dll
2009-08-19 00:20 82,944 a------- c:\windows\system32\mciavi32.dll
2009-08-19 00:20 65,024 a------- c:\windows\system32\avicap32.dll
2009-08-19 00:20 31,232 a------- c:\windows\system32\msvidc32.dll
2009-08-19 00:20 12,800 a------- c:\windows\system32\msrle32.dll
2009-08-19 00:20 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-08-19 00:20 116,736 a------- c:\windows\system32\aaclient.dll
2009-08-19 00:20 36,352 a------- c:\windows\system32\tsgqec.dll

==================== Find3M ====================

2009-08-28 23:40 449,024 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 23:40 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 23:40 2,143,744 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 23:40 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 19:15 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-08-14 13:16 213,592 a------- c:\windows\system32\drivers\netio.sys
2009-08-14 12:42 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-08-14 12:40 103,936 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:40 15,360 a------- c:\windows\system32\netevent.dll
2009-08-14 10:25 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:25 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:25 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:25 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:25 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:25 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:25 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 10:24 813,568 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 10:23 22,016 a------- c:\windows\system32\netiougc.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 23:32 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-21 23:32 86,016 a------- c:\windows\inf\infstor.dat
2009-07-21 23:32 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 08:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 08:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 08:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 08:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 08:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 06:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 04:34 48,128 a------- c:\windows\system32\mshtmler.dll
2009-07-11 15:32 502,272 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:32 297,984 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:32 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:32 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-07-11 15:32 47,104 a------- c:\windows\system32\wlanapi.dll
2009-07-11 15:26 123,904 a------- c:\windows\system32\L2SecHC.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2008-12-11 04:14 174 a--sh--- c:\program files\desktop.ini
2008-09-09 03:05 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:19:09.13 ===============

Edited by shearerp, 13 September 2009 - 04:36 PM.


#2 shearerp

Posted 13 September 2009 - 06:43 PM

Never mind; it looks like the problem IS on nytimes.com's end after all:

http://news.cnet.com/8301-1009_3-10351460-...547-1009_3-0-20

All problems are now fixed on this end. Sorry for adding to the clutter unnecessarily.

Edited by shearerp, 13 September 2009 - 06:59 PM.


#3 Guest_The weatherman_*

Posted 14 September 2009 - 04:32 PM

Thank you for letting us know shearerp. :(



