
Trojan + winzip32 virus


  • This topic is locked
2 replies to this topic

#1 jackflag


Posted 11 December 2010 - 07:21 PM

Attached File  Attach.txt   2.38KB   0 downloads

Hi all, really appreciate your help on something. I have a trojan that keeps popping up in my anti-virus quarantine after deletion.

In ESET Nod32 it identifies as:

JS/TrojanDownloader.Agent.NWG trojan, with Object Name: funnysnakesshow as a url

Another one as:

http: //91.217.162.176.dm6.exe, with Object Name: a variant of Win32/Olmarik.AJE trojan

And Webroot identified one as:

Troj/JsDldr-C

In task manager I noticed mshta had quite a few processes running as well.

Here is the DDS log. I tried to zip the Attach text file but it insisted on zipping as a winrar file. If someone could instruct me how to zip/compress it normally I can do that asap. Until then I've attached it as a txt file just in case that works for anyone trying to help. I also tried to run gmer but my system freezes before it finishes, every time. I'll continue trying. Thanks again in advance.

DDS (Ver_10-12-05.01) - NTFSx86
Run by Control Option at 12:33:06.97 on Sat 12/11/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\CONTRO~1\LOCALS~1\Temp\fsonlinescanner.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Control Option\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Documents and Settings\Control Option\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [DrvLsnr] "c:\program files\analog devices\soundmax\DrvLsnr.exe"
mRun: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://herochat.com/forum/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&apn_uid=C9F67858-B525-4544-B998-569D389BF29A&apn_ptnrs=W5&apn_sauid=87450C5C-E99B-419A-B103-26B7922918AE&apn_dtid=&q=
FF - component: c:\documents and settings\control option\application data\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\control option\application data\mozilla\firefox\profiles\fk0e2xj3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\control option\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\control option\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\control option\application data\mozilla\firefox\profiles\fk0e2xj3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\control option\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows media player\npdrmv2_dll_1.dll
FF - plugin: c:\program files\windows media player\npdsplay_dll_1.dll
FF - plugin: c:\program files\windows media player\npwmsdrm_dll_1.dll
FF - plugin: c:\program files\windows media player\npwmsdrm_dll_2.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: XULRunner: {FEC30349-98EF-4D30-B229-DE345B0D6932} - c:\documents and settings\control option\local settings\application data\{FEC30349-98EF-4D30-B229-DE345B0D6932}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: AutoPager: autopager@mozilla.org - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\autopager@mozilla.org
FF - Extension: UnPlug: unplug@compunach - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\unplug@compunach
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\multipletab@piro.sakura.ne.jp
FF - Extension: Tabloc: {60520222-6bbf-45dd-b547-3641ea9cd9cb} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{60520222-6bbf-45dd-b547-3641ea9cd9cb}
FF - Extension: Firefox Showcase: {89506680-e3f4-484c-a2c0-ed711d481eda} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
FF - Extension: SkipScreen: SkipScreen@SkipScreen - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\SkipScreen@SkipScreen
FF - Extension: Cooliris: piclens@cooliris.com - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\piclens@cooliris.com
FF - Extension: Full Screen Video: fullscreen-video@design-noir.de - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\fullscreen-video@design-noir.de
FF - Extension: MegaUpload Time Attack: {1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: NetVideoHunter: netvideohunter@netvideohunter.com - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\netvideohunter@netvideohunter.com
FF - Extension: FetchMP3 Video to Audio Converter: {1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\youtube2mp3@mondayx.de
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
FF - Extension: Auto Replay for YouTube: {da684c80-6ad7-4a95-80ec-959e8ab082fd} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{da684c80-6ad7-4a95-80ec-959e8ab082fd}
FF - Extension: Webroot Toolbar: toolbar@ask.com - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\toolbar@ask.com
FF - Extension: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\YoutubeDownloader@PeterOlayev.com
FF - Extension: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Extension: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\artur.dubovoy@gmail.com
FF - Extension: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Extension: File Search: contact@searchfiles.de - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\contact@searchfiles.de
FF - Extension: Search Files on Rapidshare Megaupload Mediafire 4shared Easy-Share and Co: contact@searchfiles.de - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\contact@searchfiles.de
FF - Extension: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - c:\docume~1\contro~1\applic~1\mozilla\firefox\profiles\fk0e2xj3.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: XULRunner: {FEC30349-98EF-4D30-B229-DE345B0D6932} - c:\documents and settings\control option\local settings\application data\{FEC30349-98EF-4D30-B229-DE345B0D6932}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\control option\application data\Move Networks

============= SERVICES / DRIVERS ===============

R? Lavasoft Kernexplorer;Lavasoft helper driver
R? rt2870;Linksys 802.11n USB Wireless LAN Card Driver
R? ssfs0bbc;ssfs0bbc
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? epfwtdir;epfwtdir
S? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
S? SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC)
S? ssfmonm;ssfmonm
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
S? WRConsumerService;Webroot Client Service

=============== Created Last 30 ================

2010-12-11 00:17:20 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-12-11 00:17:20 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-12-11 00:17:18 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-12-11 00:17:11 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-12-11 00:17:08 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2010-12-11 00:17:08 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys
2010-12-11 00:17:07 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-12-11 00:17:02 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-12-11 00:15:55 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-12-11 00:14:50 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-12-11 00:13:59 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2010-12-11 00:13:59 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2010-12-11 00:13:58 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2010-12-11 00:13:58 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2010-12-11 00:13:57 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2010-12-10 23:58:43 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-10 23:58:43 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-10 23:58:42 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-10 23:58:42 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-10 23:58:20 13753 ----a-r- c:\windows\SET44.tmp
2010-12-10 23:58:16 1086058 ----a-r- c:\windows\SET38.tmp
2010-12-10 23:58:14 1042903 ----a-r- c:\windows\SET35.tmp
2010-12-04 23:26:49 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-12-04 23:20:12 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{72C0EA6E-A584-4163-B09A-8DED0FDE3BF4}
2010-12-04 23:11:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-12-04 22:24:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-04 22:24:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-04 17:19:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-12-04 17:17:19 -------- d-----w- c:\program files\Lavasoft
2010-12-04 06:20:59 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-04 06:20:58 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-04 05:53:22 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-03 01:55:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-03 01:41:44 13753 ----a-r- c:\windows\SET40.tmp
2010-12-03 01:41:39 1086058 ----a-r- c:\windows\SET34.tmp
2010-12-03 01:41:36 1042903 ----a-r- c:\windows\SET31.tmp
2010-12-03 01:34:42 13753 ----a-r- c:\windows\SET77.tmp
2010-12-03 01:34:35 1086058 ----a-r- c:\windows\SET6B.tmp
2010-12-03 01:34:33 1042903 ----a-r- c:\windows\SET68.tmp
2010-11-28 0534 -------- d-----w- c:\program files\MSECache

==================== Find3M ====================

2010-10-13 04:58:47 0 ----a-w- c:\windows\Plinexug.bin
2009-03-07 00:22:51 15900672 ----a-w- c:\program files\Photoshop.exe
2007-09-12 05:33:06 143360 ----a-w- c:\program files\GRINTL32.DLL
2007-08-27 22:08:32 19334072 ----a-w- c:\program files\sp24496.exe
2002-04-06 21:37:50 2445312 ----a-w- c:\program files\PSViews.dll
2002-04-06 21:37:46 897024 ----a-w- c:\program files\Photoshop.dll
2002-04-06 21:37:26 24576 ----a-w- c:\program files\Photoshop.fon
2002-04-05 20:18:40 462848 ----a-w- c:\program files\ACE.dll
2002-04-04 05:38:24 4059242 ----a-w- c:\program files\ImageReadyRes.dll
2002-04-04 05:04:10 13336651 ----a-w- c:\program files\ImageReady.exe
2002-04-04 04:35:30 331776 ----a-w- c:\program files\JS32.dll
2002-04-01 07:29:08 53248 ----a-w- c:\program files\Plugin.dll
2002-03-26 22:42:00 1458176 ----a-w- c:\program files\CoolType.dll
2002-03-13 09:24:42 94208 ----a-w- c:\program files\OPP.dll
2002-03-13 09:24:42 929792 ----a-w- c:\program files\AGM.dll
2002-03-13 09:24:42 3485696 ----a-w- c:\program files\MPS.dll
2002-03-13 09:24:42 2920448 ----a-w- c:\program files\PDFL50.dll
2002-03-05 20:10:44 4265 ----a-w- c:\program files\Photoshop.reg
2002-02-27 09:24:56 167936 ----a-w- c:\program files\Bib.dll
2001-12-06 20:24:06 61440 ----a-w- c:\program files\Uninst.dll
2001-06-29 23:38:20 712751 ----a-w- c:\program files\Asn.er.dll
2001-02-16 17:40:46 19456 ----a-w- c:\program files\PSUT9516.DLL
2000-10-10 19:49:14 23024 ----a-w- c:\program files\Shfolder.dll
2000-10-10 19:49:14 20480 ----a-w- c:\program files\Psut9532.dll
1993-07-23 05:00:00 210944 ----a-w- c:\program files\Msvcrt10.dll

============= FINISH: 12:55:49.98 ===============

Edited by jackflag, 11 December 2010 - 11:59 PM.




#2 m0le


Posted 19 December 2010 - 07:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le


Posted 24 December 2010 - 08:51 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



