Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tricky malware audio/browser redirect


  • This topic is locked This topic is locked
2 replies to this topic

#1 oneafter909

oneafter909

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 01 May 2011 - 02:44 AM

Hi,

I've been trying in vain to remove malware from my computer for about a month, but I can't seem to crack some of it. It started as something similar to Windows Repair, or one of those horrible programs, and while that's gone, I'm still getting browser redirects, some script errors for internet explorer (even though I only use firefox) and audio playing in the background sometimes. Also, just today I've had problems with my computer shutting down, and I've been getting a lot of error messages from programs that are clearly malware (so I guess I've become re-infected, even though I really haven't been using this computer much). My computer shut down during my GMER scan, but here's the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by EVAN at 17:41:16.79 on Sun 01/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3583.3053 [GMT 10:00]
.
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DVD Region-Free\DVDRegionFree.exe
C:\Program Files\DVD Region-Free\DVDRegionFree.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Firefox Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot
mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [CloneCDElbyCDFL] "c:\program files\elaborate bytes\clonecd\ElbyCheck.exe" /L ElbyCDFL
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VideoraiPodConverter] c:\program files\videoraipodconverter\VideoraiPodConverter.exe -t
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NWEReboot]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GEST] ]
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\evan\startm~1\programs\startup\dvdreg~1.lnk - c:\program files\dvd region-free\DVDRegionFree.exe
StartupFolder: c:\documents and settings\evan\start menu\programs\startup\Startup.js
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: windowsmedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114124550343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region-free\DVDShell.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\evan\applic~1\mozilla\firefox\profiles\hal6la1e.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\opera75\program\plugins\np32dsw.dll
FF - plugin: c:\program files\opera75\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\opera75\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera75\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera75\program\plugins\nppdf32.dll
FF - plugin: c:\program files\opera75\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera75\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera75\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera75\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera75\program\plugins\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {B49EAC5D-AFE9-4AD6-852F-020363BFB70B} - c:\documents and settings\evan\local settings\application data\{B49EAC5D-AFE9-4AD6-852F-020363BFB70B}
.
============= SERVICES / DRIVERS ===============
.
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-19 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-1 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-1 656320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-19 247760]
S2 ccProxy;ccProxy; [x]
S3 ccPwdSvc;ccPwdSvc; [x]
S3 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2004-1-2 170128]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-19 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-19 1150936]
.
=============== Created Last 30 ================
.
2011-05-01 07:27:05 348160 --sha-w- c:\docume~1\evan\locals~1\applic~1\jcj.exe
2011-04-30 15:29:44 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-30 15:29:44 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-29 07:07:57 388096 ----a-r- c:\docume~1\evan\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-29 07:07:57 -------- d-----w- c:\program files\Trend Micro
2011-04-13 08:32:15 -------- d-----w- c:\program files\IObit
2011-04-13 08:32:15 -------- d-----w- c:\docume~1\evan\applic~1\IObit
2011-04-13 08:21:10 -------- d-----w- c:\program files\Trojan Remover
2011-04-13 08:17:35 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-04-13 08:17:35 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-04-13 08:17:35 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-04-13 08:17:35 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-04-13 08:17:35 153088 ----a-w- c:\windows\system32\unrar3.dll
2011-04-13 08:17:34 -------- d-----w- c:\docume~1\evan\applic~1\Simply Super Software
2011-04-13 08:17:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2011-04-13 08:08:36 -------- d-----w- c:\program files\RegistryFix8
2011-04-10 10:59:19 18 ----a-w- c:\docume~1\alluse~1\applic~1\unhide.bat
.
==================== Find3M ====================
.
2011-02-14 06:49:42 161 ---ha-w- c:\docume~1\evan\applic~1\5673.bat
2011-02-14 06:22:43 161 ---ha-w- c:\docume~1\evan\applic~1\1907.bat
2011-02-14 06:04:43 159 ---ha-w- c:\docume~1\evan\applic~1\1555.bat
2011-02-14 05:59:43 169 ---ha-w- c:\docume~1\evan\applic~1\7427.bat
2011-02-14 05:30:45 167 ---ha-w- c:\docume~1\evan\applic~1\5889.bat
2011-02-14 05:01:43 159 ---ha-w- c:\docume~1\evan\applic~1\494.bat
2011-02-14 04:45:44 165 ---ha-w- c:\docume~1\evan\applic~1\4658.bat
2011-02-14 04:35:04 161 ---ha-w- c:\docume~1\evan\applic~1\4303.bat
2011-02-14 04:25:03 165 ---ha-w- c:\docume~1\evan\applic~1\608.bat
2011-02-14 03:56:06 165 ---ha-w- c:\docume~1\evan\applic~1\5961.bat
2011-02-14 03:26:00 163 ---ha-w- c:\docume~1\evan\applic~1\7014.bat
2011-02-14 03:04:00 165 ---ha-w- c:\docume~1\evan\applic~1\408.bat
2011-02-14 02:56:57 161 ---ha-w- c:\docume~1\evan\applic~1\4401.bat
2011-02-14 02:38:56 161 ---ha-w- c:\docume~1\evan\applic~1\7149.bat
2011-02-14 02:06:00 165 ---ha-w- c:\docume~1\evan\applic~1\6293.bat
2011-02-14 01:42:57 161 ---ha-w- c:\docume~1\evan\applic~1\8044.bat
2011-02-14 01:23:56 169 ---ha-w- c:\docume~1\evan\applic~1\9855.bat
2011-02-14 01:17:56 163 ---ha-w- c:\docume~1\evan\applic~1\2834.bat
2011-02-14 01:06:00 169 ---ha-w- c:\docume~1\evan\applic~1\2153.bat
2011-02-14 01:01:06 161 ---ha-w- c:\docume~1\evan\applic~1\2699.bat
2011-02-13 13:28:58 163 ---ha-w- c:\docume~1\evan\applic~1\2830.bat
2011-02-13 13:01:57 169 ---ha-w- c:\docume~1\evan\applic~1\4722.bat
2011-02-13 12:42:56 161 ---ha-w- c:\docume~1\evan\applic~1\7257.bat
2011-02-13 12:15:57 163 ---ha-w- c:\docume~1\evan\applic~1\116.bat
2011-02-13 12:06:57 167 ---ha-w- c:\docume~1\evan\applic~1\4014.bat
2011-02-13 11:52:03 159 ---ha-w- c:\docume~1\evan\applic~1\272.bat
2011-02-13 11:41:56 163 ---ha-w- c:\docume~1\evan\applic~1\7265.bat
2011-02-13 11:14:57 161 ---ha-w- c:\docume~1\evan\applic~1\4280.bat
2011-02-13 10:52:04 163 ---ha-w- c:\docume~1\evan\applic~1\2845.bat
2011-02-13 10:26:04 161 ---ha-w- c:\docume~1\evan\applic~1\2425.bat
2011-02-13 10:01:59 163 ---ha-w- c:\docume~1\evan\applic~1\9604.bat
2011-02-13 09:41:54 169 ---ha-w- c:\docume~1\evan\applic~1\7236.bat
2011-02-13 09:34:58 161 ---ha-w- c:\docume~1\evan\applic~1\6575.bat
2011-02-13 09:26:09 169 ---ha-w- c:\docume~1\evan\applic~1\904.bat
2011-02-13 09:12:33 169 ---ha-w- c:\docume~1\evan\applic~1\7481.bat
2011-02-13 08:55:29 159 ---ha-w- c:\docume~1\evan\applic~1\7083.bat
2011-02-13 08:39:34 165 ---ha-w- c:\docume~1\evan\applic~1\3203.bat
2011-02-13 08:10:27 169 ---ha-w- c:\docume~1\evan\applic~1\3967.bat
2011-02-13 07:48:29 169 ---ha-w- c:\docume~1\evan\applic~1\9022.bat
2011-02-13 07:30:29 165 ---ha-w- c:\docume~1\evan\applic~1\4246.bat
2011-02-13 07:03:29 163 ---ha-w- c:\docume~1\evan\applic~1\2137.bat
2011-02-13 06:45:17 165 ---ha-w- c:\docume~1\evan\applic~1\9918.bat
2011-02-13 05:42:17 169 ---ha-w- c:\docume~1\evan\applic~1\243.bat
2011-02-13 05:25:16 161 ---ha-w- c:\docume~1\evan\applic~1\9292.bat
2011-02-13 05:13:13 163 ---ha-w- c:\docume~1\evan\applic~1\7725.bat
2011-02-13 05:08:13 161 ---ha-w- c:\docume~1\evan\applic~1\1953.bat
2011-02-13 05:00:12 163 ---ha-w- c:\docume~1\evan\applic~1\6373.bat
2011-02-13 04:52:13 161 ---ha-w- c:\docume~1\evan\applic~1\4667.bat
2011-02-13 04:38:16 165 ---ha-w- c:\docume~1\evan\applic~1\5170.bat
2011-02-13 04:28:16 165 ---ha-w- c:\docume~1\evan\applic~1\1542.bat
2011-02-13 04:19:28 169 ---ha-w- c:\docume~1\evan\applic~1\6359.bat
2011-02-13 04:13:17 169 ---ha-w- c:\docume~1\evan\applic~1\1800.bat
2011-02-13 03:57:18 169 ---ha-w- c:\docume~1\evan\applic~1\1534.bat
2011-02-13 03:50:17 159 ---ha-w- c:\docume~1\evan\applic~1\9998.bat
2011-02-13 03:30:20 169 ---ha-w- c:\docume~1\evan\applic~1\5017.bat
2011-02-13 03:13:16 165 ---ha-w- c:\docume~1\evan\applic~1\6657.bat
2011-02-13 02:44:18 159 ---ha-w- c:\docume~1\evan\applic~1\4411.bat
2011-02-13 02:20:26 159 ---ha-w- c:\docume~1\evan\applic~1\8140.bat
2011-02-13 02:12:17 159 ---ha-w- c:\docume~1\evan\applic~1\5362.bat
2011-02-13 01:57:22 163 ---ha-w- c:\docume~1\evan\applic~1\2235.bat
2011-02-13 01:42:21 165 ---ha-w- c:\docume~1\evan\applic~1\1773.bat
2011-02-13 01:19:16 161 ---ha-w- c:\docume~1\evan\applic~1\4634.bat
2011-02-13 00:59:18 159 ---ha-w- c:\docume~1\evan\applic~1\9461.bat
2011-02-13 00:31:16 165 ---ha-w- c:\docume~1\evan\applic~1\915.bat
2011-02-13 00:14:17 159 ---ha-w- c:\docume~1\evan\applic~1\9683.bat
2011-02-12 23:49:23 165 ---ha-w- c:\docume~1\evan\applic~1\9132.bat
2011-02-12 23:41:17 163 ---ha-w- c:\docume~1\evan\applic~1\8343.bat
2011-02-12 23:28:23 163 ---ha-w- c:\docume~1\evan\applic~1\4494.bat
2011-02-12 23:02:16 165 ---ha-w- c:\docume~1\evan\applic~1\9472.bat
2011-02-12 22:39:17 167 ---ha-w- c:\docume~1\evan\applic~1\207.bat
2011-02-12 22:24:26 165 ---ha-w- c:\docume~1\evan\applic~1\1726.bat
2011-02-12 22:07:30 163 ---ha-w- c:\docume~1\evan\applic~1\3062.bat
2011-02-12 21:53:17 159 ---ha-w- c:\docume~1\evan\applic~1\3959.bat
2011-02-12 21:25:19 169 ---ha-w- c:\docume~1\evan\applic~1\5512.bat
2011-02-12 21:19:20 163 ---ha-w- c:\docume~1\evan\applic~1\535.bat
2011-02-12 21:12:17 161 ---ha-w- c:\docume~1\evan\applic~1\9413.bat
2011-02-12 20:50:23 167 ---ha-w- c:\docume~1\evan\applic~1\8631.bat
2011-02-12 20:29:30 167 ---ha-w- c:\docume~1\evan\applic~1\2019.bat
2011-02-12 20:19:25 159 ---ha-w- c:\docume~1\evan\applic~1\1888.bat
2011-02-12 20:00:21 165 ---ha-w- c:\docume~1\evan\applic~1\1561.bat
2011-02-12 19:54:21 169 ---ha-w- c:\docume~1\evan\applic~1\299.bat
2011-02-12 19:26:22 159 ---ha-w- c:\docume~1\evan\applic~1\3535.bat
2011-02-12 19:07:20 167 ---ha-w- c:\docume~1\evan\applic~1\198.bat
2011-02-12 12:03:58 167 ---ha-w- c:\docume~1\evan\applic~1\701.bat
2011-02-12 11:43:11 167 ---ha-w- c:\docume~1\evan\applic~1\209.bat
2011-02-12 11:23:24 169 ---ha-w- c:\docume~1\evan\applic~1\301.bat
2011-02-12 10:29:06 165 ---ha-w- c:\docume~1\evan\applic~1\7254.bat
2011-02-12 09:28:02 165 ---ha-w- c:\docume~1\evan\applic~1\8610.bat
2011-02-12 08:55:03 161 ---ha-w- c:\docume~1\evan\applic~1\4904.bat
2011-02-12 08:38:56 163 ---ha-w- c:\docume~1\evan\applic~1\2788.bat
2011-02-12 08:23:15 169 ---ha-w- c:\docume~1\evan\applic~1\6336.bat
2011-02-12 08:18:56 165 ---ha-w- c:\docume~1\evan\applic~1\8191.bat
2011-02-12 08:11:56 159 ---ha-w- c:\docume~1\evan\applic~1\6420.bat
2011-02-12 08:06:04 165 ---ha-w- c:\docume~1\evan\applic~1\1237.bat
2011-02-12 07:57:59 159 ---ha-w- c:\docume~1\evan\applic~1\9747.bat
2011-02-12 07:33:59 159 ---ha-w- c:\docume~1\evan\applic~1\9106.bat
2011-02-12 07:25:13 163 ---ha-w- c:\docume~1\evan\applic~1\8938.bat
2011-02-12 07:09:59 169 ---ha-w- c:\docume~1\evan\applic~1\9003.bat
2011-02-12 06:43:59 165 ---ha-w- c:\docume~1\evan\applic~1\9230.bat
2011-02-12 06:13:58 163 ---ha-w- c:\docume~1\evan\applic~1\1383.bat
.
============= FINISH: 17:42:10.70 ===============


Any help is really appreciated, I know you guys get inundated with crys for help from people like me, so really, thank you for taking some time to hopefully help me out of this mess!

Evan

BC AdBot (Login to Remove)

 


#2 oneafter909

oneafter909
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 02 May 2011 - 08:40 AM

Sorry, I'm not sure how to close my thread but my issue has been resolved. Thanks!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,842 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:26 PM

Posted 02 May 2011 - 11:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users