Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Inqwire popups killing me. Please help!


  • This topic is locked This topic is locked
17 replies to this topic

#1 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 16 November 2005 - 07:38 PM

So glad to have found this site! Here's my hjt log file. Any ideas?

Logfile of HijackThis v1.99.1
Scan saved at 7:30:12 PM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Palm\STPTRemote.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\InterWise\Student\pull.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [PAPIRUS SYSTRAY RESIDENT] "C:\Program Files\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Push Client.lnk = C:\InterWise\Student\pull.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: http://*.hp.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe" /service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    Advertisements

Register to Remove


#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 28 November 2005 - 05:31 PM

I would Go to add and remove programs and remove,

C:\Program Files\Viewpoint

Please set your system to show
all files; please see here if you're unsure how to do this.

Here are the directions for creating a zip file For Windows XP:
Using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
Right click any other files you want to compress and select Copy.
Right click on the compressed folder and select Paste. The copied files will be compressed and pasted in.

I would like to see these two
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\InterWise\Student\pull.exe

Please upload the zip file if you can if you can't then upload the the files without zipping. here

#3 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 28 November 2005 - 07:45 PM

Sorry I guess I should have said post another log from hijackthis. :huh:

#4 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 28 November 2005 - 08:45 PM

OK, here it is!

Logfile of HijackThis v1.99.1
Scan saved at 8:44:22 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Palm\STPTRemote.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\InterWise\Student\pull.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Scanner Recorder\Scanrec19.exe
C:\Dev\EchoWatch\EchoWatch.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MDM.EXE
C:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [PAPIRUS SYSTRAY RESIDENT] "C:\Program Files\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Push Client.lnk = C:\InterWise\Student\pull.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: http://*.hp.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe" /service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 28 November 2005 - 09:39 PM

Download System Security Suite v1.04 here
Tutorial here.


Reboot in safe mode. Close all Browser and Program Windows.
Have HijackThis fix the following. Do this by checking the box beside each and then clicking on Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: http://*.hp.com



Then Run 3S under “Items To Clear” tab place a checkmark in all of them but the last.
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.


I would stop these with 3S if you don't want to kill and delete them both call home and are not necessary
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Push Client.lnk = C:\InterWise\Student\pull.exe

Edited by little eagle, 28 November 2005 - 09:40 PM.


#6 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 29 November 2005 - 09:19 PM

OK, I followed your instructions exactly. I even removed the DING and INTERWISE programs through the Add/Remove programs.

My computer seems to be running a bit slower than before. Also, in the short time I was online to post this, I received 2 popups. One was the ol' "There may be spyware running on your machine, click here to scan" with the blue background and no title bar. The other was a financial debt popup. Here's the header from the source on that one ...


<head>
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="Content-Language" content="en-us">
<title>Debt Advise</title>
<meta name="description" content="Free Debt advise and financial help on how to manage your money, get out of debt, and find financial freedom.">
<meta name="keywords" content="financial advice, financial help, Free Debt advise, financial freedom, get out of debt">
<meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/...atingsv02.html" comment "ICRAonline v2.0" l gen false for "http://www.free-fina...ial-advice.net" r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/...atingsv01.html" l gen false for "http://www.free-fina...ial-advice.net" r (n 0 s 0 v 0 l 0))'>
<link rel="stylesheet" type="text/css" title="styles" href="stylesheets/styles.css" />
</head>

Here's my new hijackthis log file ...

Logfile of HijackThis v1.99.1
Scan saved at 9:11:45 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Palm\STPTRemote.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [PAPIRUS SYSTRAY RESIDENT] "C:\Program Files\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe" /service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 30 November 2005 - 06:01 AM

Please set your system to show
all files; please see here if you're unsure how to do this.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)


Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:

C:\PROGRA~1\AWS
Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.

#8 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 30 November 2005 - 05:46 PM

OK, I once again followed your instructions. I must say, though, that Weatherbug is a program that I've had for over a year now that has never given me any trouble. It's gone now.

After following your instructions exactly, here's my latest log file ...

Logfile of HijackThis v1.99.1
Scan saved at 5:43:13 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Palm\STPTRemote.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [PAPIRUS SYSTRAY RESIDENT] "C:\Program Files\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe" /service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#9 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 30 November 2005 - 07:40 PM

Little Eagle, By the way, the popups seem to be worse than ever. I get several now even when my browser is not up and running. I sure do appreciate all the help you've offered and am awaiting your next set of instructions! (my latest hijackthis log is posted above). Michael

#10 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 30 November 2005 - 08:02 PM

Download, unzip and run 'RootkitRevealer' from Sysinternals:

http://www.sysintern...itRevealer.html

Once the program has started, press Scan and let it run.

When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Copy/Paste the contecnts of that logfile into your next reply

Start RKR, wait about 10 seconds, click Scan, then leave computer untouched until it completes. An idle machine will minimise the possibility of false positive reports caused by changes to the system during the scan. Background processes may still make intermittent changes, but resulting discrepancies tend to be obvious from their registry or filesystem branch; on a re-scan many may not recur.

    Advertisements

Register to Remove


#11 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 01 December 2005 - 06:05 PM

OK, I downloaded and rand the Rootkitrevealer and did exactly what you mentioned. It's big, but here's my Rootkitrevealer log file ... HKLM\SOFTWARE\CqQQ2AB7YS66 11/25/2005 11:04 AM 0 bytes Hidden from Windows API. HKLM\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue 4/20/2004 4:37 PM 132 bytes Hidden from Windows API. HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned 12/1/2005 5:14 PM 4 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PALARPC 11/25/2005 11:04 AM 0 bytes Hidden from Windows API. HKLM\SYSTEM\ControlSet001\Services\Palarpc 11/30/2005 5:37 PM 0 bytes Hidden from Windows API. C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\AgentEvents\00000591.xml 12/1/2005 5:18 PM 1.17 KB Hidden from Windows API. C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\AgentEvents\00000592.XML 12/1/2005 5:37 PM 972 bytes Hidden from Windows API. C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\AgentEvents\00000593.XML 12/1/2005 5:45 PM 1.23 KB Hidden from Windows API. C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\AgentEvents\00000594.XML 12/1/2005 5:45 PM 1.23 KB Hidden from Windows API. C:\Documents and Settings\Michael\Local Settings\Temp\CPTF 11/30/2005 6:13 PM 0 bytes Hidden from Windows API. C:\Program Files\Javffice 11/25/2005 11:04 AM 0 bytes Hidden from Windows API. C:\Program Files\Javffice\ACE.DLL 11/25/2005 11:04 AM 568.00 KB Hidden from Windows API. C:\Program Files\Javffice\AI_01-12-2005.log 12/1/2005 12:00 AM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\AI_25-11-2005.log 11/26/2005 12:01 AM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\AI_26-11-2005.log 11/27/2005 12:00 AM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\AI_27-11-2005.log 11/28/2005 12:00 AM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\AI_28-11-2005.log 11/29/2005 12:00 AM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\AI_29-11-2005.log 11/29/2005 6:22 PM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\AI_30-11-2005.log 11/30/2005 5:31 PM 3 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache 11/25/2005 11:04 AM 0 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000029_4387493f_0000df1c 11/25/2005 11:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000029_438cfa68_0002f930 11/29/2005 9:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000029_438e3971_00039733 11/30/2005 5:44 PM 285.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000035_438dcffe_000631bc 11/30/2005 10:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000099_43888caf_00026876 11/26/2005 10:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000099_438d1991_00075ff8 11/29/2005 9:16 PM 1.12 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000099_438e40c1_0006fade 11/30/2005 7:46 PM 8.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000000c1_438b9b61_000323e1 11/28/2005 6:05 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000120_43891af4_000b96d1 11/26/2005 8:33 PM 5.06 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000120_438d43c6_0000e891 11/30/2005 12:16 AM 2.78 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000120_438f81ca_000564eb 12/1/2005 5:05 PM 3.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000124_43889abf_00028211 11/26/2005 11:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000124_438d1994_000749b9 11/29/2005 9:16 PM 21.75 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000124_438e40c2_0002e049 11/30/2005 7:46 PM 273 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000001d3_438a5575_0005d029 11/27/2005 6:55 PM 30.56 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000001d3_438e326e_0005ac08 11/30/2005 5:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000001e1_438b9de4_000b763e 11/28/2005 6:16 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000001eb_43881c2e_000e6bf6 11/26/2005 2:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000001eb_438d198e_00063d43 11/29/2005 9:16 PM 656 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000001eb_438e404c_000e5776 11/30/2005 6:14 PM 295.56 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000030a_43891710_0001edd1 11/26/2005 8:16 PM 3.11 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000030a_438d43c3_0008a2c0 11/30/2005 12:16 AM 1.37 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000030a_438e6d21_0001b4cb 11/30/2005 9:25 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000384_438a5460_0005616e 11/27/2005 6:50 PM 454 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000384_438d4892_0002ad79 11/30/2005 12:37 AM 112.60 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000390_438b9d69_000d57ee 11/28/2005 6:24 PM 48.44 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000047e_438a5451_00092d43 11/27/2005 6:50 PM 241 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000588_438a93fd_000097c3 11/27/2005 11:22 PM 666 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000607_438ce1cf_00056660 11/29/2005 5:18 PM 35.53 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000633_438a925a_00052393 11/27/2005 11:15 PM 4.48 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000677_438a5461_00000de6 11/27/2005 6:50 PM 6.95 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000677_438d4914_0006e8cb 11/30/2005 12:39 AM 479 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000006e3_438cdd2a_0009fd1e 11/30/2005 6:22 PM 3.11 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000728_438b9d9c_00008f00 11/28/2005 6:15 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000732_438d43c6_000024f9 11/30/2005 12:16 AM 1.99 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000732_438f810b_0002e0d9 12/1/2005 5:02 PM 1.12 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000074d_4388fd2f_00030e31 11/26/2005 6:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000074d_438d1ae1_00023a3b 11/29/2005 9:22 PM 6.35 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000784_438ce1d7_0004f6e6 11/29/2005 5:18 PM 4.25 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000007cf_438a553a_0007446c 11/27/2005 6:54 PM 17.09 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000007cf_438dde0e_0004eb46 11/30/2005 11:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000822_438a3db4_000cc7c9 11/27/2005 5:13 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000086a_438b8ddf_000e6970 11/28/2005 5:08 PM 7.63 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000871_438b9fe1_00044f1e 11/28/2005 6:25 PM 16.22 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000878_438bc0f6_00096b61 11/28/2005 8:46 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000902_438a4888_000d7b80 11/27/2005 6:03 PM 473 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000975_438a5c77_00035ce0 11/27/2005 7:25 PM 153.58 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000975_438e34fb_0005a7fe 11/30/2005 5:25 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000009ce_438af76f_0006f641 11/28/2005 6:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000a28_438ae95f_00081599 11/28/2005 5:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000a41_438ce1cd_000d4d4c 11/29/2005 5:18 PM 7.95 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000a4a_438a9365_000c88a3 11/27/2005 11:19 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000a6c_438ce053_0009949c 11/29/2005 5:12 PM 181.07 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000bb3_43882a3e_000e8591 11/26/2005 3:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000bb3_438d198e_00068b80 11/29/2005 9:16 PM 455 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000bb3_438e405b_000a3d64 11/30/2005 6:14 PM 284.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000bdb_43891721_000cd8a3 11/30/2005 12:15 AM 3.38 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000bdb_438d43c3_000e4a24 11/30/2005 12:16 AM 2.75 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000bdb_438f8101_0008ec78 12/1/2005 5:02 PM 24.71 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000c15_438a924c_0004113b 11/27/2005 11:14 PM 758 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000c1e_438ce081_000ba931 11/29/2005 5:13 PM 227.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000c7b_438a924c_000102db 11/27/2005 11:14 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000d66_438a5452_000e16b0 11/27/2005 6:50 PM 5.05 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000d6a_438b8e2c_000e6c41 11/28/2005 5:09 PM 646 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000ddc_4389a5ef_00050510 11/27/2005 6:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000ddc_438d43ee_000d6698 11/30/2005 12:17 AM 1.38 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000de5_438a94ff_00083f8e 11/27/2005 11:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000e12_438a5465_0006b681 11/27/2005 6:50 PM 3.82 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000e12_438d4a4e_000c20bc 11/30/2005 12:44 AM 1.50 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000e29_438bf4cd_000926e3 11/29/2005 12:27 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000e90_438a5c17_0009f6a4 11/27/2005 7:23 PM 3.14 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000e90_438e347b_0003e9d3 11/30/2005 5:23 PM 284.65 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000ea9_438b9aef_000ab878 11/28/2005 6:04 PM 7.63 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000ecc_438a5565_0009965e 11/27/2005 6:55 PM 18.26 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000ecc_438e164e_00032e09 11/30/2005 3:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000f3e_43887e9f_00000413 11/26/2005 9:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000f3e_438d1990_000e1391 11/29/2005 9:16 PM 752 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000f3e_438e40b9_00037141 11/30/2005 6:15 PM 288.52 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000fbf_438a5319_000cb656 11/27/2005 6:45 PM 36 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00000fc9_438a5464_000ad116 11/27/2005 6:50 PM 7.49 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00000fc9_438d4a4d_0003b394 11/30/2005 12:44 AM 22.97 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001003_438ce1c2_000e969c 11/29/2005 5:18 PM 7.87 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001030_438b9de5_000622b6 11/28/2005 6:16 PM 7.28 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001049_438b8ddf_000bf789 11/28/2005 5:08 PM 3.93 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000010d9_438b9bcd_00053524 11/28/2005 6:07 PM 37.72 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000010d9_438b9db2_0005a050 11/28/2005 6:15 PM 146.57 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000113e_438c10fe_000c92ed 11/29/2005 2:27 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000117a_438bc0e0_00006ff7 11/28/2005 8:45 PM 4.56 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000011f4_438a5469_0002accc 11/27/2005 6:50 PM 5.03 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000011f4_438d5f7e_0002a4c0 11/30/2005 2:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001238_43890252_00053549 11/26/2005 6:48 PM 1.76 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001238_438d1fa6_0003d7c3 11/29/2005 9:42 PM 59.11 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000127e_438a5527_0005eed6 11/27/2005 6:54 PM 3.72 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000127e_438dc1ee_000357fe 11/30/2005 9:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001289_438bc0ce_000ab0f3 11/30/2005 7:41 PM 223.03 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000012db_4388465e_000f0704 11/26/2005 5:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000012db_438d198f_000c5fa3 11/29/2005 9:16 PM 365 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000012db_438e4062_00092bd1 11/30/2005 6:14 PM 1.04 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000012e1_438a40e5_000bc8b0 11/27/2005 5:27 PM 3.74 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001316_438a938b_00003a2c 11/27/2005 11:20 PM 646 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001366_438a085f_0002d10c 11/27/2005 1:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000138a_438b219f_00082dc9 11/28/2005 9:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000139d_438a49b7_00037bee 11/27/2005 6:05 PM 37.81 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000139d_438d4548_00020e1e 11/30/2005 12:23 AM 7.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000013d3_438acd3f_00065b33 11/28/2005 3:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000013e9_438a4b8e_000a78b1 11/27/2005 6:13 PM 98 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001481_438a6cff_000e9958 11/27/2005 8:35 PM 15.90 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000153c_4388546f_00029e83 11/26/2005 6:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000153c_438d198f_000cade0 11/29/2005 9:16 PM 455 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000153c_438e4063_0000f108 11/30/2005 6:14 PM 5.30 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001547_4388ef1f_0002f496 11/26/2005 5:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001547_438d1aa7_0004025b 11/29/2005 9:21 PM 268.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001547_438e4142_000f29a6 11/30/2005 6:18 PM 274 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000159f_438bae4f_000c55ce 11/28/2005 7:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000015a1_438a3cfb_0008de48 11/27/2005 5:10 PM 36.58 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001643_438a9477_0000fb3b 11/27/2005 11:24 PM 149.07 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001649_4387d5e0_0001e4cc 11/25/2005 9:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001649_438d1947_00068350 11/29/2005 9:15 PM 5.92 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001649_438e3db7_000f1936 11/30/2005 6:03 PM 1.37 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000169a_438b9bc5_0008da1c 11/28/2005 6:07 PM 762 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000016c5_438a4a14_000e63f1 11/27/2005 6:06 PM 18.44 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000016d4_438a86ef_00039063 11/27/2005 10:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001850_438a74bd_0002d51b 11/27/2005 9:08 PM 0 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000187e_438a4a14_000bcaec 11/27/2005 6:06 PM 34.66 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000187e_438d4572_0006a538 11/30/2005 12:23 AM 110.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000018be_4387655f_000075d9 11/25/2005 1:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000018be_438d180c_000a22a1 11/29/2005 9:10 PM 370 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000018be_438e397a_00004618 11/30/2005 5:45 PM 8.47 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000018d7_438a5461_0008eac9 11/27/2005 6:50 PM 35.96 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000018d7_438d495e_000ad3d3 11/30/2005 12:40 AM 105.67 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001916_438a545a_000e91ec 11/27/2005 6:50 PM 372 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001916_438d47c7_000a7119 11/30/2005 12:33 AM 112.16 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001953_438a5463_00076ed9 11/27/2005 6:50 PM 185 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001953_438d4a4c_000b51e4 11/30/2005 12:44 AM 837 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000019d9_438a6acf_000420c4 11/27/2005 8:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000019d9_438e3505_0004ce69 11/30/2005 5:25 PM 999 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001a49_4389518f_0001ab49 11/27/2005 12:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001a49_438d43e0_0001f02c 11/30/2005 12:17 AM 1.29 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001a49_438f8291_0000c049 12/1/2005 5:09 PM 84 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001ad4_43890255_0001c26e 12/1/2005 5:02 PM 5.04 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001ad4_438d41e0_000eadd1 11/30/2005 12:08 AM 57.36 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001ad4_438e547b_000f4151 11/30/2005 7:40 PM 4.51 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001af4_438a555c_0008c744 11/27/2005 6:55 PM 17.40 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001af4_438e083e_0003146e 11/30/2005 2:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001bd9_438b9fb2_000bd564 11/28/2005 6:24 PM 15.11 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001cd0_438a166f_0008b92b 11/27/2005 2:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001cd0_438d440c_000a1641 11/30/2005 12:17 AM 1.38 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001cdf_438bd89a_0009707a 11/28/2005 10:27 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001d11_438b921f_00059e06 11/28/2005 5:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001d18_438a9273_0003656b 11/27/2005 11:15 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001d3f_438c9dd7_0008ea38 11/29/2005 12:28 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001d5e_438cb9f7_00065d4b 11/29/2005 2:28 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00001dc0_438a6cb7_000bcb64 11/27/2005 8:34 PM 52.44 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001dcb_438ce1c0_00022abe 11/29/2005 5:18 PM 227.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001e1f_43890254_000a2456 11/26/2005 6:48 PM 1.12 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001e1f_438d257f_000d8256 11/30/2005 7:30 PM 3.11 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001e1f_438e5470_0000580b 12/1/2005 5:11 PM 247.54 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00001ff1_438cc807_00073a7e 11/29/2005 3:28 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002059_438a546a_00063628 11/27/2005 6:50 PM 554 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002059_438db3de_00027acb 11/30/2005 8:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002079_438bc0d1_000d79cd 11/28/2005 8:45 PM 8.33 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002120_438ce085_000de35b 11/29/2005 5:13 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002213_4389170d_000cdd7e 11/26/2005 8:16 PM 1.38 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002213_438d43c0_00053543 11/30/2005 12:16 AM 42.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002213_438e5504_0000630c 11/30/2005 7:42 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000022cd_438a5456_0004b3d3 11/27/2005 6:50 PM 175 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000022cd_438d4778_000c5f93 11/30/2005 12:32 AM 6.55 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000022ee_43891b03_00055916 11/27/2005 6:24 PM 54.32 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000022ee_438d43c7_0001b1c9 11/30/2005 12:16 AM 403 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002350_43891af6_000a4200 11/26/2005 8:33 PM 1.76 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002350_438d43c6_0009c574 11/30/2005 12:16 AM 1.29 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002350_438f81ce_000caa00 12/1/2005 5:05 PM 7.81 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000023c9_438a4e47_00079a30 11/27/2005 6:24 PM 3.13 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000023c9_438d45f2_000c0e3c 11/30/2005 12:25 AM 110.87 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002462_438c2d30_000bc44c 11/29/2005 4:28 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000249e_438a5468_000c95e4 11/27/2005 6:50 PM 22.09 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000251f_438a9266_0004a37b 11/27/2005 11:15 PM 3.91 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002528_438b9ae9_0009d320 11/28/2005 6:03 PM 146.06 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000252a_438a6c67_00028c93 11/27/2005 8:33 PM 3.14 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000260d_438d43c2_000a728c 11/30/2005 12:16 AM 4.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000260d_438e5504_000e71f9 11/30/2005 7:42 PM 4.54 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000261e_438a5459_00069a20 11/27/2005 6:50 PM 96 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000261e_438d47aa_00038a1b 11/30/2005 12:33 AM 110.60 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000263d_438afacd_0006f448 11/28/2005 6:40 AM 3.78 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002668_438b8dda_000e2631 11/28/2005 5:08 PM 215.34 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000026a6_4389024f_00080bab 11/26/2005 6:48 PM 232 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000026a6_438d1d1c_00063774 11/29/2005 9:31 PM 109 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000026b1_438bc0f7_000d7666 11/28/2005 8:46 PM 7.55 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000026e9_43880e1e_000e7979 11/26/2005 1:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000026e9_438d198d_000f1486 11/29/2005 9:16 PM 243 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000026e9_438e4032_000eafec 11/30/2005 6:13 PM 1.83 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002725_438a946c_000e2fce 11/27/2005 11:23 PM 83.88 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000027da_438be6b3_000bf246 11/28/2005 11:27 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000282d_438b4bcf_00051dfe 11/28/2005 12:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002833_438a5468_0004073e 11/27/2005 6:50 PM 7.09 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002833_438d4a4f_0002d41e 11/30/2005 12:44 AM 22.97 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002852_438a9404_000bbfb0 11/29/2005 4:52 PM 4.30 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000288f_438a5455_000e9ceb 11/27/2005 6:50 PM 173 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000288f_438d4760_0001e9db 11/30/2005 12:32 AM 110.60 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000028e2_438bbf95_0006e2e4 11/28/2005 8:40 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000293b_438b8e2c_000a732b 11/28/2005 5:09 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002959_438b2faf_00084764 11/28/2005 10:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000029d8_438adb4f_00045124 11/28/2005 4:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002a38_438b9d99_000e3ed0 11/28/2005 6:15 PM 100.91 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002b00_438a78df_00039de6 11/27/2005 9:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002b0c_438a5468_000df5f6 11/27/2005 6:50 PM 1.03 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002b0c_438d516e_00028b24 11/30/2005 1:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002b0f_438ce221_0003afe4 11/29/2005 5:20 PM 31.79 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002ba5_438bbf91_000dd880 11/28/2005 8:40 PM 160.04 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002c3b_438a3c82_00085951 11/27/2005 5:08 PM 65.55 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002c49_438a5455_0006aabe 11/27/2005 6:50 PM 170 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002c49_438d46c9_00070003 11/30/2005 12:29 AM 110.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002cd6_43879d9f_00019fde 11/25/2005 5:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002cd6_438d1918_0001d016 11/29/2005 9:14 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002cd6_438e3a4c_00057fd1 11/30/2005 5:48 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002cf7_438a9333_000aabcb 11/27/2005 11:18 PM 3.89 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002d12_4388f812_0001a553 11/28/2005 6:06 PM 17.52 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002d12_438d1add_000a8b43 11/29/2005 9:22 PM 2.25 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002d12_438e530b_000a87ee 11/30/2005 7:34 PM 1014 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002db5_438b9bc1_00096016 11/30/2005 7:40 PM 145.83 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002e39_438c81b7_000a1713 11/29/2005 10:28 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002e40_4389fa4f_00029053 11/27/2005 12:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002e40_438d440a_0006d583 11/30/2005 12:17 AM 4.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002ea6_4388384e_000e9f2c 11/26/2005 4:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002ea6_438d198f_0006df5c 11/29/2005 9:16 PM 223 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002ea6_438e4062_000000b1 11/30/2005 6:14 PM 1.10 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002f0c_438bbf96_0004092c 11/28/2005 8:40 PM 3.91 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002f14_438a531a_0001944b 11/27/2005 6:45 PM 36 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002f14_438d4661_00004891 11/30/2005 12:27 AM 110.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002fe7_438b9bc5_00094f78 11/28/2005 6:07 PM 7.12 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00002fff_438a5455_000aa3d4 11/27/2005 6:50 PM 172 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00002fff_438d4734_0002526c 11/30/2005 12:31 AM 110.99 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003004_438a92e9_0000cb21 11/27/2005 11:17 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000301c_43891710_000a5559 11/26/2005 8:16 PM 409 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000301c_438d43c3_000a29f0 11/30/2005 12:16 AM 448 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000301c_438e6d21_000e63a6 11/30/2005 9:25 PM 7.67 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000305e_4388a8cf_00029bac 11/26/2005 12:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000305e_438d1996_00053150 11/29/2005 9:16 PM 0 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000305e_438e40dd_0001a2bc 11/30/2005 6:16 PM 162.92 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003087_438b9b3d_000eba00 11/28/2005 6:05 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000030f1_438b9b4f_0007a26e 11/28/2005 6:05 PM 3.89 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000314f_4389c20f_00027823 11/27/2005 8:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000314f_438d43fb_00014f19 11/30/2005 12:17 AM 4.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000323b_43890b3f_0004d61b 11/26/2005 7:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000323b_438d43ac_0004c4c3 11/30/2005 12:16 AM 56.24 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000323b_438e5502_00027b76 11/30/2005 7:42 PM 331.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000032e6_438a545b_0008a1eb 11/27/2005 6:50 PM 28.51 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000032e6_438d480f_000945f6 11/30/2005 12:34 AM 467 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003305_438ce5fe_000209d9 11/29/2005 5:36 PM 15.18 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003382_438bc0d1_0003d32b 11/28/2005 8:45 PM 3.91 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000033ea_438d45e4_00094d96 11/30/2005 12:25 AM 110.87 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003459_438afacb_0002eff1 11/28/2005 6:40 AM 93.66 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000366b_438a247f_0002dd24 11/27/2005 3:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000368e_438a5452_000d2bf9 11/27/2005 6:50 PM 5.55 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000368e_438d469b_0006c0db 11/30/2005 12:28 AM 110.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003699_438a4815_000c0674 11/27/2005 5:58 PM 3.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000036a1_438ce05b_0006da5b 11/29/2005 5:12 PM 8.45 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000036c2_438bc0f6_000d1893 11/28/2005 8:46 PM 646 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000037e5_438a6c86_0005fb16 11/27/2005 8:33 PM 51.61 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000037e6_438a5cbf_000a4b08 11/27/2005 7:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000037e6_438e34fc_000b7c21 11/30/2005 5:25 PM 8.48 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003807_438a9259_0008efeb 11/27/2005 11:15 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000390c_4388708f_00034714 11/26/2005 8:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000390c_438d1990_0003af7e 11/29/2005 9:16 PM 262 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000390c_438e408c_00035ed8 11/30/2005 6:15 PM 12.00 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003960_438afaa6_00007183 11/28/2005 6:40 AM 3.61 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000039b3_4388f0e5_000c78fb 11/30/2005 9:24 PM 1.13 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000039b3_438d1aaa_00046178 11/29/2005 9:21 PM 8.33 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000039b3_438e528c_00060f40 11/30/2005 7:31 PM 841 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000039ce_438a92a8_0004686c 11/27/2005 11:16 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003a61_438a5456_00021ace 11/27/2005 6:50 PM 174 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003a61_438d4772_00000453 11/30/2005 12:32 AM 110.68 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003a9e_43897bbf_00046a01 11/27/2005 3:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003a9e_438d43eb_000d2e99 11/30/2005 12:17 AM 4.18 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003a9e_438f8301_000160dc 12/1/2005 5:10 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003b25_43890252_0005f8e1 11/26/2005 6:48 PM 1.72 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003b25_438d2129_000e06f1 11/29/2005 9:48 PM 943 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003b97_438b057f_00049df6 11/28/2005 7:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003bf6_43896daf_0001de80 11/27/2005 2:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003bf6_438d43ea_00049a53 11/30/2005 12:17 AM 40.32 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003bf6_438f82fd_00093c89 12/1/2005 5:10 PM 347.81 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003c61_438a5455_0009b91e 11/27/2005 6:50 PM 180 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003c61_438d46d9_00053659 11/30/2005 12:29 AM 112.78 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003cd5_438a4b8b_000add2c 12/1/2005 5:09 PM 5.43 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003cd5_438d45bd_00078780 11/30/2005 12:25 AM 110.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003cd6_438a5319_0008e45e 11/27/2005 6:45 PM 4.22 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003cd6_438d463e_000af999 11/30/2005 12:27 AM 110.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003d6c_43878f8f_00009b8c 11/25/2005 4:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003d6c_438d18fc_000c8160 11/29/2005 9:14 PM 8.49 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003d6c_438e3a4a_000489db 11/30/2005 5:48 PM 319.65 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003e12_4389437f_00016a90 11/26/2005 11:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00003e12_438f8288_000d63a3 12/1/2005 5:08 PM 21.55 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003ef6_438a3d6e_0000d9f6 11/27/2005 5:12 PM 39.07 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003f0b_438b9b3c_0001de66 11/28/2005 6:05 PM 60.33 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003f4a_438a9363_00009220 11/27/2005 11:20 PM 120.35 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003f97_438b9b3e_000a9f6b 11/28/2005 6:05 PM 3.91 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00003f9a_438b9b7c_000542f1 11/28/2005 6:06 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000401d_438a545d_00061426 11/27/2005 6:50 PM 5.75 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000401d_438d4810_00015969 11/30/2005 12:34 AM 1.22 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004027_438b138f_00049073 11/28/2005 8:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004080_438a4b8f_00034fbc 11/27/2005 6:13 PM 721 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004080_438d45ce_00032a71 11/30/2005 12:25 AM 110.88 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004087_438a6d05_0002335b 11/27/2005 8:35 PM 3.62 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000409d_438a40a2_000656b9 11/27/2005 5:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000040a5_438b8e2d_0000d850 11/28/2005 5:09 PM 750 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000412f_438b9b4e_000bbd03 11/28/2005 6:05 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000041bb_4388000f_0002531c 11/26/2005 12:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000041bb_438d1988_00061b83 11/29/2005 9:16 PM 8.47 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000041bb_438e402e_000371c1 11/30/2005 6:13 PM 2.65 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000422d_438a5452_00033d41 11/27/2005 6:50 PM 1.05 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000422d_438d468f_000320be 11/30/2005 12:28 AM 110.86 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004230_438a3c05_000d1703 11/27/2005 5:06 PM 30.32 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000428b_4389024d_000b0ecb 11/26/2005 6:48 PM 235 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000428b_438d1d17_00029799 11/29/2005 9:31 PM 811 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000428b_438e5424_0002a5a1 11/30/2005 7:38 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004325_438b8e1d_0000cc8c 11/28/2005 6:05 PM 58.06 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004365_438bbf9e_000ec7cb 11/28/2005 8:40 PM 763 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004402_438a5461_0000d17e 11/27/2005 6:50 PM 3.85 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004402_438d494d_000c70be 11/30/2005 12:40 AM 105.67 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000440d_4388b6df_00030384 11/26/2005 1:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000440d_438d1999_000d0d3e 11/29/2005 9:16 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000440d_438e40e6_000c87ac 11/30/2005 6:16 PM 537 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000441d_438b9b59_00060541 11/28/2005 6:05 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000442b_438a6cf4_00053058 11/27/2005 8:35 PM 46.32 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004509_43890251_000816eb 11/30/2005 7:38 PM 5.11 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004509_438d1f51_000b24c3 11/29/2005 9:41 PM 2.46 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000456d_438cd617_000ad7d4 11/29/2005 4:28 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000458f_438a5c69_000b9cc6 11/27/2005 7:24 PM 141.62 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000458f_438e34f7_000851a1 11/30/2005 5:25 PM 284.66 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004626_438bca82_00015311 11/28/2005 9:27 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004657_438a5455_000438d8 11/27/2005 6:50 PM 171 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004657_438d46bd_0007a739 11/30/2005 12:29 AM 110.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000468c_438b9aee_0009a103 11/28/2005 6:04 PM 648 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000046c2_438b9b7d_000968c6 11/28/2005 6:06 PM 7.42 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000046cf_438a5572_000c9fa1 11/27/2005 6:55 PM 17.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000046cf_438e245e_00040b3c 11/30/2005 4:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000470e_438a92e9_000ae0f8 11/27/2005 11:17 PM 8.26 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004823_4387574f_0000835c 11/25/2005 12:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004823_438d0878_000200f6 11/29/2005 10:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004823_438d1805_000df458 11/30/2005 5:41 PM 0 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000486a_438a92d0_000b662c 11/27/2005 11:17 PM 15.45 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000489c_438a545a_000938c4 11/27/2005 6:50 PM 322 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000048cc_438d45fe_000bdc61 11/30/2005 12:26 AM 110.87 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000491c_4388c4ef_0003927b 11/26/2005 2:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000491c_438d199a_00040edc 11/29/2005 9:16 PM 2.70 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004944_4389ec3f_0005fa73 11/27/2005 11:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004944_438d4408_00034688 11/30/2005 12:17 AM 40.33 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000494a_438a5460_000b5710 11/27/2005 6:50 PM 20.61 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000494a_438d48e3_0004c356 11/30/2005 12:38 AM 110.70 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004963_438bc0f6_000d8e39 11/28/2005 8:46 PM 750 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000049bb_438a938b_00008869 11/27/2005 11:20 PM 750 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000049f7_438a6cd5_000e97ce 11/27/2005 8:35 PM 53.21 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004ad4_438a9333_000a84ac 11/27/2005 11:18 PM 7.46 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004ae1_4387817e_000d2b2c 11/25/2005 3:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004ae1_438e398c_0007b2ce 11/30/2005 5:45 PM 2.97 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004b40_43891c5e_0005a343 11/29/2005 9:48 PM 592 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004b40_438f81d5_000702dc 12/1/2005 5:05 PM 3.09 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004c66_438b9db6_0005ddee 11/28/2005 6:15 PM 752 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004cad_4389b3ff_00048231 11/27/2005 7:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004cad_438d43f9_00076099 11/30/2005 12:17 AM 40.40 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004cd4_438a5469_000b89b0 11/27/2005 6:50 PM 28.47 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004cd4_438d97be_00026eb3 11/30/2005 6:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004d06_4388d2ff_0000c4d4 11/26/2005 3:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004d06_438d1a8f_0006ff16 11/29/2005 9:20 PM 243.74 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004d67_438a9330_000f095c 11/27/2005 11:18 PM 130.78 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004db7_4388e10f_0000b751 11/26/2005 4:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004db7_438d1a90_000e8188 11/29/2005 9:20 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004db7_438e413d_000e710c 11/30/2005 6:18 PM 34.05 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004dc8_43890245_000b3008 11/30/2005 7:38 PM 50.93 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004df2_4389de2f_000607f6 11/27/2005 10:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004df2_438d43fd_000de216 11/30/2005 12:17 AM 1.38 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e08_438b8e21_000838c0 11/28/2005 5:09 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e38_438bbf9f_000840e1 11/28/2005 8:40 PM 23.62 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e45_438902e9_00097160 12/1/2005 5:11 PM 18.78 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e45_438d437c_000b5ab3 11/30/2005 12:15 AM 58.44 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e45_438e54b2_00041613 11/30/2005 7:41 PM 2.99 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e55_438b9d5e_000d1a0e 11/28/2005 6:14 PM 1013 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004e57_438a9366_000bcaab 11/27/2005 11:19 PM 3.01 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004eae_438a93fa_000aeaf6 11/27/2005 11:22 PM 143.72 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004ebf_438c73a7_0005dd43 11/29/2005 9:28 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00004efe_438b9ed3_000ae81b 11/28/2005 6:20 PM 27.67 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004f68_438a936a_0009e4a0 11/27/2005 11:19 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004fc0_438b9b61_000b8b69 11/28/2005 6:05 PM 7.18 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00004fe2_438bbc68_000b2a68 11/28/2005 8:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005005_438a924c_0003c2fe 11/27/2005 11:14 PM 654 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005039_438a5462_00079058 11/27/2005 6:50 PM 1.19 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005039_438d49c8_000115b1 11/30/2005 12:44 AM 123.21 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005064_438a927e_000c5910 11/27/2005 11:15 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005078_438a6cf9_00008fc9 11/27/2005 8:35 PM 46.37 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000050a9_438bc0d0_0008837c 11/28/2005 8:45 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000050bf_438b9bc5_00030b99 11/28/2005 6:07 PM 658 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\0000513e_438a92a9_000a8acc 11/27/2005 11:16 PM 7.36 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000051d1_438b9d9c_000cc880 11/28/2005 6:15 PM 3.89 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000520b_438afa51_000c5413 11/28/2005 6:38 AM 5.20 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000053b1_438b8e2b_00003096 11/28/2005 5:09 PM 59.63 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005422_438a3cfb_000de933 11/27/2005 5:10 PM 5.72 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000542c_438a5462_00087b0e 11/27/2005 6:50 PM 20.48 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000542c_438d4a4b_00026f61 11/30/2005 12:44 AM 14.58 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000549b_438bbf96_000a9f7a 11/28/2005 8:40 PM 8.50 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000054d6_438b9aee_000d9a19 11/28/2005 6:04 PM 752 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000054dc_438a5452_0005d646 11/27/2005 6:50 PM 1.12 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000054de_4388f0da_0000c533 12/1/2005 5:11 PM 777.26 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000054de_438d1aa9_0002fbc6 11/29/2005 9:21 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000054de_438e4143_000da816 11/30/2005 6:18 PM 464 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005579_438a93fd_0004df16 11/27/2005 11:22 PM 770 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\000056ae_43891a76_0007e75b 11/26/2005 8:31 PM 3.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000056ae_438d43c4_000572e1 11/30/2005 12:16 AM 11.48 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000056ae_438f8108_0005de59 12/1/2005 5:02 PM 232 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005753_438a4eaf_00063856 11/27/2005 6:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005753_438d460a_00000d80 11/30/2005 12:26 AM 110.87 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005772_438a49b6_000c5331 11/27/2005 6:05 PM 1.46 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000057d3_438a5c50_0000fa50 11/27/2005 7:24 PM 124.07 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000057d3_438e348d_000e16ac 11/30/2005 5:25 PM 33.44 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005878_43891f21_0003997b 11/26/2005 8:51 PM 16.81 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005878_438d43c8_0000f3d1 11/30/2005 12:16 AM 884 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005878_438f8239_0003b516 12/1/2005 5:07 PM 347.81 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\000058b0_438a4803_0003128e 11/27/2005 5:57 PM 3.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000590e_438a74ba_00002b36 11/27/2005 9:08 PM 2.83 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\0000591d_438a6c64_000a46c1 11/27/2005 8:33 PM 3.10 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005968_438a9332_000eed7e 11/27/2005 11:18 PM 2.15 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005991_438a3dbe_000dc3a1 11/27/2005 5:14 PM 9.67 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005a9f_438a5469_000a77db 11/27/2005 6:50 PM 10.88 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005a9f_438d89ae_00076003 11/30/2005 5:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005af1_4387f1fe_000e4643 11/25/2005 11:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005af1_438d1987_000727b8 11/29/2005 9:16 PM 278 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005af1_438e4024_00095641 11/30/2005 6:13 PM 5.39 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005c46_438a92c9_0009b79c 11/27/2005 11:16 PM 8.16 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005c5e_438b9db6_000c9728 11/28/2005 6:15 PM 7.68 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005c67_438a5317_00046aac 11/27/2005 6:45 PM 2.83 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005c67_438d4631_000ea990 11/30/2005 12:26 AM 110.84 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005ccd_438b840f_0005ab89 11/28/2005 4:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005cfd_4389356f_000102b8 11/26/2005 10:26 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005cfd_438d43dd_00071156 11/30/2005 12:17 AM 3.05 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005cfd_438f823d_000b2149 12/1/2005 5:07 PM 7.67 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005d03_43890250_0003549c 12/1/2005 5:02 PM 1.05 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005d03_438d1e9b_0003ef84 11/29/2005 9:38 PM 62.00 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005d03_438e543b_0005c006 11/30/2005 7:39 PM 203.24 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005d24_438a93fc_000d19e0 11/27/2005 11:22 PM 2.17 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005db2_438a4b8f_0007e54c 11/27/2005 6:13 PM 805 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005dd5_438a5469_00085431 11/27/2005 6:50 PM 215.10 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005dd5_438d6d8e_0001fac3 11/30/2005 3:14 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005e14_4389d01f_00024381 11/27/2005 9:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005e76_438b3dbf_000972d4 11/28/2005 11:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005e9d_438a5459_000dc8b4 11/27/2005 6:50 PM 415 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005e9d_438d47ba_000e2110 11/30/2005 12:33 AM 150.50 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005ed0_438a9366_0008bc4b 11/27/2005 11:19 PM 3.94 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f1e_438a5467_0008be4c 11/27/2005 6:50 PM 6.65 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f1e_438d4a4e_000f07fe 11/30/2005 12:44 AM 1.21 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f23_438b9d58_00007091 11/28/2005 6:20 PM 30.22 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f32_43895f9f_000176a8 11/27/2005 1:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f32_438d43e0_00026588 11/30/2005 12:17 AM 1.49 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f32_438f8291_000a39a6 12/1/2005 5:09 PM 838 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f34_438c6594_000d375e 11/29/2005 11:14 PM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f45_438abf2f_0003f6d0 11/28/2005 2:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f49_438997df_0004c456 11/27/2005 5:26 AM 5 bytes Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f49_438d43ee_00080d70 11/30/2005 12:17 AM 1.29 KB Hidden from Windows API. C:\Program Files\Javffice\Cache\00005f90_4387c7cf_0001ecb0 11/25/2005 8:26 PM 5 bytes Hidd

#12 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 01 December 2005 - 10:28 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#13 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 01 December 2005 - 11:16 PM

Wow! I'm amazed and thankful for your patience with my PC issues! OK, followed instructions exactly. Following are both the new hijackthis log and the aproposfix log files...

THANK YOU!

Logfile of HijackThis v1.99.1
Scan saved at 11:13:40 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\Palm\STPTRemote.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\system32\msvcmm32.exe
O4 - HKLM\..\Run: [PAPIRUS SYSTRAY RESIDENT] "C:\Program Files\Palm\STPTRemote.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe" /service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

_____________________________


Log of AproposFix v1

************

Running from directory:
C:\Download\aproposfix\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CqQQ2AB7YS66]
@="6HSHYWJhiihiijixP96:6zhiihxkiD:4y5D9iZfZaLToniKYPcLYZiZPZLJVKLjZfZ"
"Device"="\\\\.\\CiSPIPE"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\sisecode.sys"
"DriverName"="Palarpc"
"HideUninstallerName"="C:\\Program Files\\Javffice\\desusapi.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\urebkend.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{FE380C80-8B2D-45A1-879D-CEF9A09995C8}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\dusmnmdd.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xc98f18c-3321-4354-53b3-17d27d57d981}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Javffice\\pjlbdusx.exe"

************

Removing hidden service:
Service Palarpc removed.

Removing hidden folder:
Deletion of folder Javffice succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\sisecode.sys succeeded!
Deletion of file C:\WINDOWS\system32\qapasads.exe succeeded!
Deletion of file C:\WINDOWS\system32\dusmnmdd.dll succeeded!
Deletion of file C:\WINDOWS\system32\urebkend.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CqQQ2AB7YS66]
[-HKEY_LOCAL_MACHINE\Software\CqQQ2AB7YS66]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE380C80-8B2D-45A1-879D-CEF9A09995C8}]

Done!

Finished!

#14 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 02 December 2005 - 06:20 AM

Run 'RootkitRevealer'
Once the program has started, press Scan and let it run.

When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Copy/Paste the contecnts of that logfile into your next reply.

But first Click here for Instructions on how to Scan with Spybot S&D and Ad-Aware.

Then Go here and run online scans, allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner

Note any thing that can't be fixed.
Reboot when done.

Hopefully there will be nothing in any scan.

#15 MJS

MJS

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 03 December 2005 - 03:40 PM

Little Eagle, Ever since I ran the aproposfix software, I have had ZERO popups! This is great news! I followed your instructions. Spybot found nothing. AdAware found a few and cleaned them up. The online TrendMicro HouseCall scan found nothing. The eTrust Antivirus Webscanner found 6 items but they were all in the apropposfix\backups directory. I assume this is no big deal since it's in the aproposfix\backups directory? Anyway, below is my new RootkitRevealer log. Things are looking much better and NO popups since running the aproposfix software! Let me know what I should do next, if anything. HKLM\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue 4/20/2004 4:37 PM 132 bytes Hidden from Windows API. HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned 12/3/2005 3:30 PM 92 bytes Windows API length not consistent with raw hive data. HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned 12/3/2005 3:30 PM 4 bytes Data mismatch between Windows API and raw hive data.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users