Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Now for my girlfriend's computer...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Unread postby cawitt » November 5th, 2005, 2:40 am

C:\Program Files\Ituadobe\Cache\000058b0_436959f3_00022551 11/2/2005 7:29 PM 57.79 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000058b0_436aaff7_0001ab3f 11/3/2005 7:48 PM 44.73 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000058b0_436be9fa_0002625a 11/4/2005 6:08 PM 232.74 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000058c5_436aca97_000aba95 11/3/2005 9:42 PM 5.75 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000590e_43586298_000632ea 10/20/2005 10:38 PM 104.19 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000590e_43617b26_000bebc2 10/27/2005 8:14 PM 57.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000590e_436804d4_000c65d4 11/1/2005 7:14 PM 408 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000590e_436ab91a_000c65d4 11/3/2005 8:34 PM 46.04 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000591d_4361782b_000dd40a 10/27/2005 8:00 PM 61.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000591d_43680494_0007a120 11/1/2005 7:13 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000591d_436ab8be_0003d090 11/3/2005 8:26 PM 78.32 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000591d_436ba9d5_0006ea05 11/4/2005 1:35 PM 12.29 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005968_4368086d_000e4e1c 11/1/2005 7:29 PM 18.04 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005968_436abba6_000ca2dd 11/3/2005 8:38 PM 22.13 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005991_435eceb2_00094c5f 11/4/2005 6:02 PM 44.66 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005991_43616545_000a4083 10/27/2005 6:39 PM 5.49 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005991_4367fca6_000632ea 11/1/2005 6:39 PM 0 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005991_4369599c_0000f424 11/2/2005 7:28 PM 54.36 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005991_436aaeef_0008d24d 11/3/2005 7:44 PM 41.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005991_436be9ca_000d59f8 11/4/2005 6:07 PM 234.36 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005a9b_436ac42f_0006acfc 11/3/2005 9:15 PM 14.76 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005a9c_436ac6e2_000ec82e 11/3/2005 9:26 PM 8.24 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005a9f_435ee1e4_00089544 10/25/2005 8:54 PM 41.78 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005a9f_4368033a_000b34a7 11/1/2005 7:07 PM 37.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005a9f_436ab753_000e8b25 11/3/2005 8:20 PM 2.48 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_43584e28_0000b71b 10/20/2005 9:10 PM 2 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_435c2bf0_000ca2dd 10/23/2005 7:33 PM 22.83 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_435ec359_00000000 10/25/2005 6:44 PM 164.78 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_4369503f_000ca2dd 11/2/2005 6:48 PM 2.65 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_43699272_00014bdd 11/2/2005 11:34 PM 6.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_436a9c1c_0001ab3f 11/3/2005 6:24 PM 298 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005af1_436bbb7c_0009c671 11/4/2005 2:50 PM 4.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c46_43617cd0_000b71b0 10/27/2005 8:20 PM 85.91 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c46_43680574_0001312d 11/1/2005 7:16 PM 19.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c46_436abb07_000c65d4 11/3/2005 8:36 PM 76.34 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c5e_436ac6b2_00039387 11/3/2005 9:25 PM 9.22 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c67_435ecf5a_000d1cef 10/25/2005 7:35 PM 322.45 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c67_436166bc_0000f424 10/27/2005 6:46 PM 49.18 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c67_4367fdea_000e4e1c 11/1/2005 6:44 PM 32.60 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c67_436ab0eb_00066ff3 11/3/2005 7:57 PM 3.73 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005c67_436ba502_0002dc6c 11/4/2005 1:14 PM 326.55 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005ccd_43680b60_00089544 11/1/2005 7:45 PM 25.35 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005ccd_436abeaa_00090f56 11/3/2005 8:51 PM 67.09 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005cfd_435eca39_00029f63 10/25/2005 8:46 PM 18.30 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005cfd_4367fac7_0009c671 11/1/2005 6:31 PM 408 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005cfd_436aac5a_0007a120 11/3/2005 7:33 PM 219.30 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005cfd_436b9e12_00029f63 11/4/2005 1:04 PM 95.97 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005cfd_436bdf01_0001ab3f 11/4/2005 5:21 PM 89.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_4356d2d0_00003d09 10/19/2005 6:12 PM 26.22 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_435bd4d4_0001e848 10/23/2005 1:22 PM 98.13 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_435ec763_000487ab 10/25/2005 8:43 PM 145.44 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_4367f83a_00089544 11/1/2005 6:20 PM 40.42 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_43695198_0003d090 11/2/2005 6:54 PM 16.89 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_436a9ec3_000e4e1c 11/3/2005 6:35 PM 119.73 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_436b9c20_000d59f8 11/4/2005 12:36 PM 82.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d03_436bd826_000d1cef 11/4/2005 4:52 PM 233.64 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005d24_436abcd5_00090f56 11/3/2005 8:43 PM 49.61 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_435ecf36_0008d24d 10/25/2005 7:35 PM 0 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_4361669c_00089544 10/27/2005 6:45 PM 26.85 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_4367fd9e_000baeb9 11/1/2005 6:44 PM 59.17 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_43695a76_0002625a 11/2/2005 7:31 PM 2.95 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_436ab089_0007de29 11/3/2005 7:51 PM 58.33 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_436ba4dd_00039387 11/4/2005 1:13 PM 210.83 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005db2_436beae8_000a4083 11/4/2005 6:12 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005dd5_435edfd7_0003d090 10/25/2005 8:45 PM 61.61 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005dd5_4368032b_0007270e 11/1/2005 7:07 PM 384 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e14_435ecc82_0008d24d 10/25/2005 7:23 PM 49.14 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e14_4361646a_0008583b 11/1/2005 6:46 PM 110.48 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e14_4367fbe5_000c28cb 11/1/2005 6:36 PM 37.68 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e14_436aad6c_000ca2dd 11/3/2005 7:39 PM 171.94 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e14_436be89b_00039387 11/4/2005 6:02 PM 0 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e73_43617cd7_000e1113 10/27/2005 8:20 PM 564 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e73_43680769_00098968 11/1/2005 7:25 PM 63.97 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e73_436abb76_0005b8d8 11/3/2005 8:37 PM 63.96 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e76_43680b3a_00066ff3 11/1/2005 7:44 PM 58.01 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e76_436abe51_00089544 11/3/2005 8:50 PM 44.66 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e9d_435ed421_000bebc2 10/25/2005 7:56 PM 156.13 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e9d_4367ff7b_000d9701 11/1/2005 6:51 PM 60.38 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e9d_436ab375_00081b32 11/3/2005 8:03 PM 3.97 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005e9d_436ba601_000d59f8 11/4/2005 1:18 PM 232.00 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005ed0_436abc26_00007a12 11/3/2005 8:42 PM 6.59 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f1e_435ed6ae_000a037a 10/25/2005 8:06 PM 122.33 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f1e_43616a6a_00022551 10/27/2005 7:50 PM 144.60 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f1e_4368016a_000e1113 11/1/2005 7:00 PM 47.80 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f1e_436ab6c5_0006ea05 11/3/2005 8:17 PM 18.24 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f23_436ac615_000dd40a 11/3/2005 9:23 PM 4.20 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f32_435ecafc_0007a120 10/25/2005 8:42 PM 59.39 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f32_4367fae4_000bebc2 11/1/2005 6:31 PM 246.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f32_43695818_0001e848 11/2/2005 7:21 PM 21.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f32_436aac6d_000d1cef 11/3/2005 7:33 PM 219.30 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f32_436b9e3e_00044aa2 11/4/2005 12:45 PM 79.50 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f32_436bdf42_00098968 11/4/2005 5:22 PM 96.31 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f45_43680ac2_000a7d8c 11/1/2005 7:39 PM 66.16 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f45_436abd66_0000b71b 11/3/2005 8:46 PM 23.55 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f49_4361635b_00081b32 10/27/2005 6:53 PM 1.69 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f49_4367fbad_0005f5e1 11/1/2005 6:35 PM 34.16 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f49_436aad3b_000bebc2 11/3/2005 7:37 PM 117.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f49_436b9fdc_00098968 11/4/2005 12:52 PM 60.31 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f49_436be87e_00000000 11/4/2005 6:02 PM 211.46 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_43584e23_000e8b25 10/20/2005 9:10 PM 4 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_435c273c_00007a12 10/23/2005 7:13 PM 3.93 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_43682590_000d9701 11/1/2005 9:33 PM 4.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_4369501e_000c28cb 11/2/2005 6:47 PM 57.82 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_436a9c19_000af79e 11/3/2005 6:24 PM 97.33 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_436b9990_000b71b0 11/4/2005 12:25 PM 78.76 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005f90_436bbb6f_00000000 11/4/2005 2:50 PM 197.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005fa4_435ee302_00010d74 10/25/2005 8:59 PM 233.71 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005fa4_43617734_0009c671 10/27/2005 7:56 PM 7.21 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005fa4_436ab7a5_000d9701 11/3/2005 8:23 PM 16.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00005fa4_436ba6b6_0005f5e1 11/4/2005 1:21 PM 6.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_435ecd2b_000632ea 10/25/2005 7:26 PM 50.12 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_4361649c_000a037a 10/27/2005 6:37 PM 51.45 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_4367fc73_0008583b 11/1/2005 6:38 PM 33.48 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_43695920_00007a12 11/2/2005 7:26 PM 12.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_436aae21_0007de29 11/3/2005 7:42 PM 144.51 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_436ba011_000a7d8c 11/4/2005 12:53 PM 4.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006032_436be92f_00089544 11/4/2005 6:05 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006048_435eee1c_0002b176 10/25/2005 9:46 PM 298 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006048_43680484_000e8b25 11/1/2005 7:12 PM 226.91 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006048_436ab865_0002dc6c 11/3/2005 8:24 PM 12.19 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006048_436ba86e_00057bcf 11/4/2005 1:29 PM 34.33 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000060bf_435ecf51_000d59f8 10/25/2005 7:35 PM 30.14 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000060bf_436166b5_000e4e1c 10/27/2005 6:45 PM 31.46 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000060bf_4367fdd4_00016e36 11/1/2005 6:44 PM 45.82 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000060bf_436ab0db_000a4083 11/3/2005 7:59 PM 17.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000060bf_436ba4fe_000b71b0 11/4/2005 1:14 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000060bf_436bebee_000aba95 11/4/2005 6:17 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006172_435ed467_0002dc6c 10/25/2005 7:57 PM 71.83 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006172_436ba60a_00040d99 11/4/2005 1:18 PM 410 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006270_4368052e_000ca2dd 11/1/2005 7:15 PM 207.15 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006270_436aba9f_00076417 11/3/2005 8:34 PM 55.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000063cb_435ec84d_000af79e 10/25/2005 7:05 PM 57.64 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000063cb_43616267_000b71b0 10/27/2005 6:27 PM 85.43 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000063cb_43695444_0004c4b4 11/2/2005 7:05 PM 63.32 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000063cb_436a9ef9_000a037a 11/3/2005 6:36 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000063cb_436bd944_00081b32 11/4/2005 4:57 PM 409 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_4356d1ae_000632ea 10/19/2005 6:07 PM 5.19 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_435bd4a2_0002dc6c 10/23/2005 1:21 PM 102.76 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_435ec6cb_000e4e1c 10/25/2005 6:59 PM 255.43 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_436160c9_00007a12 11/4/2005 2:53 PM 180.89 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_4367f829_0001312d 11/1/2005 6:20 PM 564 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_43695090_0004c4b4 11/2/2005 6:53 PM 17.45 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_436995b0_00055976 11/2/2005 11:44 PM 833.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006443_436a9e36_00057bcf 11/3/2005 6:33 PM 215.66 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006479_43680b89_000b34a7 11/1/2005 7:42 PM 34.68 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006479_436abfbb_000aba95 11/3/2005 8:56 PM 6.39 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006486_436ac53e_000ec82e 11/3/2005 9:19 PM 974 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000064e0_436ac950_0005b8d8 11/3/2005 9:37 PM 10.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006512_436ac973_000b71b0 11/3/2005 9:37 PM 10.88 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_4356d1ba_00098968 10/19/2005 6:07 PM 70.64 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_435bd4a2_000bebc2 10/23/2005 1:21 PM 4.70 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_435ec6e2_0008583b 10/25/2005 6:59 PM 139.17 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_436160d5_000d59f8 10/27/2005 6:20 PM 5.88 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_4367f832_00053ec6 11/1/2005 6:20 PM 31.10 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_4369509b_000b34a7 11/2/2005 6:53 PM 17.53 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_436995b2_00077ec7 11/2/2005 11:44 PM 59.39 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_436a9e36_000cdfe6 11/3/2005 6:33 PM 5.29 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066bb_436bc13a_000b34a7 11/4/2005 3:14 PM 25.19 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066c4_435ecd22_000d9701 10/25/2005 7:26 PM 50.10 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066c4_43616478_00007a12 11/1/2005 6:47 PM 101.30 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066c4_4367fc4a_0004c4b4 11/1/2005 6:37 PM 36.13 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066c4_43695913_000af79e 11/2/2005 7:25 PM 50.12 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066c4_436aaddc_0007270e 11/3/2005 7:40 PM 116.55 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066c4_436be8b9_0007de29 11/4/2005 6:03 PM 407 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000066fa_436abc6a_0005b8d8 11/3/2005 8:42 PM 4.24 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006732_435ee323_000a0155 10/25/2005 9:00 PM 266.42 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006732_43617735_00076417 10/27/2005 7:56 PM 1.39 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006732_43680473_00040d99 11/1/2005 7:12 PM 170.68 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006732_436ab7b6_00044aa2 11/3/2005 8:21 PM 2.90 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006732_436ba6f1_000e1113 11/4/2005 1:57 PM 86.31 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000676d_436ac931_0008583b 11/3/2005 9:36 PM 6.83 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_4356cd05_0006acfc 10/19/2005 5:47 PM 788.24 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_435849d3_00000000 11/2/2005 11:30 PM 373 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_435c02a7_000501bd 10/23/2005 4:37 PM 4.90 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_435d7feb_000dd40a 10/24/2005 7:44 PM 82.47 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_435ec24d_000487ab 10/25/2005 6:39 PM 3.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_4366bb7b_000a4083 10/31/2005 8:07 PM 19.55 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_4366ce2d_000dd40a 10/31/2005 9:08 PM 412.47 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_43682490_000f0537 11/1/2005 9:29 PM 4.80 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_436835e7_000f0537 11/1/2005 10:43 PM 7.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_4369717e_000f0537 11/2/2005 9:10 PM 235.07 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006784_436bb3e2_0009c671 11/4/2005 2:17 PM 25.22 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006899_435ecf08_0008d24d 10/25/2005 7:34 PM 200.81 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006899_43616679_0005b8d8 10/27/2005 6:44 PM 166.48 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006899_43695a6f_00022551 11/2/2005 7:31 PM 2.92 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006899_436ab02d_00031975 11/3/2005 7:49 PM 13.27 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006899_436ba4d2_000aba95 11/4/2005 1:13 PM 184.89 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006899_436bea55_000487ab 11/4/2005 6:10 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000068f5_43618972_00089544 10/27/2005 9:14 PM 3.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000068f5_43680af2_0007a120 11/1/2005 7:40 PM 54.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000068f5_436abdc0_000b71b0 11/3/2005 8:47 PM 13.51 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000692c_435ecefa_0001ab3f 10/25/2005 7:34 PM 208.08 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000692c_43616603_00022551 10/27/2005 6:42 PM 175.74 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000692c_4367fd1b_00094c5f 11/1/2005 6:41 PM 384 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000692c_43695a59_000b71b0 11/2/2005 7:31 PM 16.70 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000692c_436ab002_0008d24d 11/3/2005 7:49 PM 15.93 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000692c_436bea50_000bebc2 11/4/2005 6:10 PM 404 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_43584e23_000cdfe6 10/20/2005 9:10 PM 4 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_435bd46d_0001312d 11/4/2005 5:20 PM 1.96 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_435c26ae_00003d09 10/23/2005 7:11 PM 28.74 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_4367f758_0006acfc 11/1/2005 6:16 PM 97.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_436941d0_000e4e1c 11/2/2005 5:46 PM 51.88 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_436a9c15_000d59f8 11/3/2005 6:24 PM 76.78 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_436b9983_0003d090 11/4/2005 12:25 PM 85.79 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006952_436bbb6b_0005f5e1 11/4/2005 2:50 PM 407 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000069d0_43680b4a_000e4e1c 11/1/2005 7:45 PM 25.85 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000069d0_436abe74_0002625a 11/3/2005 8:50 PM 15.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006a15_43680571_000c65d4 11/1/2005 7:16 PM 47.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006a15_436abae2_000d59f8 11/3/2005 8:35 PM 56.75 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad4_435edfdc_000ca2dd 10/25/2005 8:46 PM 44.94 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad4_4361765f_00066ff3 10/27/2005 7:52 PM 56.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad4_43680333_00053ec6 11/1/2005 7:07 PM 37.72 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad6_435ecf70_0009c671 10/25/2005 7:36 PM 11.41 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad6_436166f4_000c65d4 10/27/2005 6:47 PM 177.10 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad6_4367fe8c_00007a12 11/1/2005 6:47 PM 96.90 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad6_436ab0f7_000f0537 11/3/2005 7:57 PM 3.82 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ad6_436ba50c_00039387 11/4/2005 1:14 PM 404 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b28_436aca84_00044aa2 11/3/2005 9:42 PM 49.73 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b36_435eca36_000f0537 10/25/2005 7:13 PM 61.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b36_4367fac7_0008d24d 11/1/2005 6:31 PM 5.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b36_436aac59_000501bd 11/3/2005 7:33 PM 152.68 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b36_436b9e0b_000c28cb 11/4/2005 12:44 PM 3.38 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b36_436bdeec_0001e848 11/4/2005 5:21 PM 72.36 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b72_435ed473_0001312d 10/25/2005 7:57 PM 192.95 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b72_436168d5_0001ab3f 10/27/2005 6:55 PM 50.95 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b72_43680011_00022551 11/1/2005 6:53 PM 36.88 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b72_436ba60a_00057bcf 11/4/2005 1:18 PM 407 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b89_435ec98c_0003d090 10/25/2005 7:10 PM 22.66 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b89_436162b0_0003d090 10/27/2005 6:31 PM 96.43 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b89_4367f871_0007de29 11/1/2005 6:21 PM 8.15 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b89_43695543_00039387 11/2/2005 7:09 PM 18.82 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b89_436a9f76_0002625a 11/3/2005 6:38 PM 1.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006b89_436bdec1_000d59f8 11/4/2005 5:22 PM 1.18 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bc9_436aca97_0008583b 11/3/2005 9:42 PM 3.96 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bcb_435ed690_00016e36 10/25/2005 8:06 PM 100.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bcb_43616a4a_000a7d8c 10/27/2005 7:01 PM 7.79 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bcb_43680143_00022551 11/1/2005 6:58 PM 37.07 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bcb_436ba632_000f0537 11/4/2005 1:19 PM 404 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006be8_435ed649_000d9701 10/25/2005 8:05 PM 20.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006be8_436169fd_0005b8d8 10/27/2005 7:00 PM 119.86 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006be8_436800c9_0006ea05 11/1/2005 7:07 PM 32.65 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006be8_436ab684_00090f56 11/3/2005 8:16 PM 9.17 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006be8_436ba62f_000dd40a 11/4/2005 1:19 PM 167.36 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bfc_435ec860_0007de29 10/25/2005 7:07 PM 55.51 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bfc_43616270_000dd40a 10/27/2005 6:27 PM 3.39 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bfc_4367f85d_0001312d 11/4/2005 1:22 PM 3.66 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bfc_43695460_00098968 11/4/2005 1:23 PM 219.55 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bfc_436a9efe_000ca2dd 11/3/2005 6:36 PM 232.70 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006bfc_436bd947_0002625a 11/4/2005 4:57 PM 226.06 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006c69_435ed352_00007a12 10/25/2005 7:52 PM 195.42 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006c69_4367ff27_000d59f8 11/1/2005 6:49 PM 55.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006c69_436ab32e_0003d090 11/3/2005 8:02 PM 6.70 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006c69_436ba579_000cdfe6 11/4/2005 1:16 PM 408 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006c6c_436ac67e_00057bcf 11/3/2005 9:25 PM 2.49 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006cf4_43618242_0005f5e1 10/27/2005 8:43 PM 705 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006cf4_436abd60_0004c4b4 11/3/2005 8:46 PM 75.92 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d22_435ee34a_00006140 10/25/2005 9:00 PM 118.69 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d22_43617735_00094c5f 10/27/2005 7:56 PM 1.01 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d22_43680473_000ca2dd 11/1/2005 7:12 PM 407 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d22_436ab7b7_0008583b 11/3/2005 8:21 PM 2.90 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d22_436ba760_00031975 11/4/2005 1:24 PM 16.12 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d4e_436ac6b9_000b34a7 11/3/2005 9:26 PM 5.94 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d69_43680562_000aba95 11/1/2005 7:16 PM 13.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006d69_436abad5_00007a12 11/3/2005 8:35 PM 57.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006da6_436ac996_000c28cb 11/3/2005 9:38 PM 1.66 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_43584e27_00098968 10/26/2005 9:27 PM 2 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_435c2bea_000d59f8 10/23/2005 7:36 PM 155.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_4369503b_00044aa2 11/2/2005 6:53 PM 71.18 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_43699270_0003eb40 11/2/2005 11:34 PM 74 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_436a9c1a_000e1113 11/3/2005 6:24 PM 254 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_436b99b2_0000f424 11/4/2005 12:26 PM 75.80 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006df1_436bbb7c_00022551 11/4/2005 2:50 PM 194.04 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e5d_436161fd_000b71b0 10/27/2005 6:25 PM 6.01 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e5d_4367f849_00066ff3 11/1/2005 6:20 PM 564 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e5d_43695428_0001e848 11/2/2005 7:04 PM 663 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e5d_436a9edb_00039387 11/3/2005 6:35 PM 415 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e5d_436b9c29_000e1113 11/4/2005 12:36 PM 590 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e5d_436bd942_00076417 11/4/2005 4:57 PM 5.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e7e_436ac461_000e4e1c 11/3/2005 9:16 PM 314 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006e89_436ac9c9_000d9701 11/3/2005 9:39 PM 1.68 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006ea1_436ac694_0000f424 11/3/2005 9:26 PM 1.99 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006f11_436abc91_00066ff3 11/3/2005 8:42 PM 23.21 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006f3c_436abd5a_00066ff3 11/3/2005 8:46 PM 76.75 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006fc9_43680b5d_000d1cef 11/1/2005 7:42 PM 25.14 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00006fc9_436abe9e_000d1cef 11/3/2005 8:51 PM 17.10 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007014_43680bb5_000632ea 11/1/2005 7:45 PM 29.04 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_435bd4c4_0007a120 10/23/2005 1:21 PM 71.32 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_435ec73a_000d59f8 10/25/2005 7:02 PM 234.81 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_4367f832_000dd40a 11/1/2005 6:20 PM 564 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_43695193_000c28cb 11/2/2005 6:53 PM 16.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_436995b5_00061091 11/2/2005 11:44 PM 82.82 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_436a9e5a_000af79e 11/3/2005 6:33 PM 270.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000701f_436bd822_000dd40a 11/4/2005 4:52 PM 5.40 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007049_435eceee_000b34a7 10/25/2005 7:33 PM 218.25 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007049_436165de_000632ea 10/27/2005 6:42 PM 196.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007049_43695a51_00040d99 11/3/2005 6:24 PM 74.85 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007049_436aaffb_000487ab 11/3/2005 7:48 PM 820 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007049_436bea50_00029f63 11/4/2005 6:10 PM 236.72 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000071f0_435ed5e4_000cdfe6 10/25/2005 8:03 PM 129.83 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000071f0_43680055_000501bd 11/1/2005 6:55 PM 38.34 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000071f0_436ab594_000ca2dd 11/3/2005 8:12 PM 10.53 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000071f0_436ba61e_000e1113 11/4/2005 1:19 PM 234.91 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007282_43680527_000e4e1c 11/1/2005 7:15 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007282_436ab956_000ec82e 11/3/2005 8:28 PM 38.22 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_4356cd0c_00000000 11/2/2005 5:42 PM 5.44 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_435bd46d_00007a12 11/4/2005 5:20 PM 1.87 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_435c26a2_000af79e 10/23/2005 7:11 PM 3.91 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_4367f757_0001ab3f 11/1/2005 6:16 PM 82.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_4368257b_00044aa2 11/1/2005 9:33 PM 5.34 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_4368374e_000d9701 11/1/2005 10:49 PM 727.34 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_43694164_000bebc2 11/2/2005 5:44 PM 20.87 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_436a9c07_000ec82e 11/3/2005 6:23 PM 82.17 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_436b9962_000d1cef 11/4/2005 12:24 PM 76.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000072ae_436bbb6b_00003d09 11/4/2005 2:50 PM 229.49 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073d9_43617cf7_000bebc2 10/27/2005 8:20 PM 4.70 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073d9_436807a3_00044aa2 11/1/2005 7:26 PM 22.64 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073d9_436abb85_000d59f8 11/3/2005 8:39 PM 15.68 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073da_435ecec7_000dd40a 10/25/2005 7:33 PM 571 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073da_43616578_00098968 10/27/2005 6:41 PM 149.03 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073da_4367fcaa_0007de29 11/1/2005 6:39 PM 1.38 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073da_436959be_00057bcf 11/2/2005 7:28 PM 29.94 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073da_436aafe3_000ca2dd 11/3/2005 7:48 PM 0 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000073da_436be9ea_000d9701 11/4/2005 6:08 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000074ad_436abc96_0005b8d8 11/3/2005 8:42 PM 21.56 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000759a_435ec9c7_000a037a 10/25/2005 7:11 PM 49.43 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000759a_436162b9_00040d99 10/27/2005 6:28 PM 102.93 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000759a_4367fac0_000e8b25 11/1/2005 6:31 PM 226.48 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000759a_436aabf9_00076417 11/3/2005 7:39 PM 219.30 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000759a_436bdec4_00066ff3 11/4/2005 5:20 PM 96.60 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000075c1_436ac2b5_0007270e 11/3/2005 9:40 PM 1.14 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000075ef_435ecf97_0007de29 10/25/2005 7:36 PM 37.15 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000075ef_43616779_00040d99 10/27/2005 6:51 PM 110.46 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000075ef_4367fee7_000a037a 11/1/2005 6:48 PM 60.91 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000075ef_436ab219_0000f424 11/3/2005 7:58 PM 3.74 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000075ef_436ba552_000d9701 11/4/2005 1:15 PM 206.48 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000765f_4358629a_0001ab3f 10/20/2005 10:38 PM 254 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000765f_43617b9d_00081b32 10/27/2005 8:15 PM 2.13 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000765f_436804d4_000ca2dd 11/1/2005 7:14 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000765f_436ab91c_00090f56 11/3/2005 8:27 PM 1.52 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000767d_435bd4d7_0000b71b 10/23/2005 1:22 PM 83.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000767d_4367f83a_000e4e1c 11/1/2005 6:20 PM 3.29 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000767d_436951bd_000cdfe6 11/2/2005 6:54 PM 1.52 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000767d_436a9ec6_000c28cb 11/3/2005 6:35 PM 408 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000767d_436bd82e_00044aa2 11/4/2005 4:52 PM 204.39 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000773b_43680525_00022551 11/1/2005 7:15 PM 403 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000773b_436ab950_00053ec6 11/3/2005 8:28 PM 76.26 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007874_435edfaf_00029f63 10/25/2005 8:45 PM 165.56 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007874_436175bd_00081b32 10/27/2005 7:50 PM 24.25 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007874_436ab6df_0008d24d 11/3/2005 8:18 PM 51.49 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000078d4_43680b79_000b71b0 11/1/2005 7:42 PM 31.95 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000078d4_436abefc_00094c5f 11/3/2005 8:54 PM 4.78 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000797d_43616359_00003d09 10/27/2005 6:53 PM 56.73 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000797d_4367fbab_0005f5e1 11/1/2005 6:35 PM 13.53 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000797d_436aad30_00053ec6 11/3/2005 7:37 PM 211.69 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000797d_436b9f6e_0003567e 11/4/2005 5:21 PM 12.22 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000797d_436be87c_00003d09 11/4/2005 6:02 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007983_435ecf8d_00022551 10/25/2005 7:36 PM 231.07 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007983_43616770_00053ec6 10/27/2005 6:49 PM 101.83 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007983_436ab1ae_000487ab 11/3/2005 7:56 PM 13.04 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000798b_435ecebc_000501bd 10/25/2005 7:33 PM 210.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000798b_43616570_0005f5e1 10/27/2005 6:40 PM 83.36 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000798b_4367fcaa_00044aa2 11/1/2005 6:39 PM 2.24 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000798b_436959a8_0002625a 11/2/2005 7:28 PM 1.65 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000798b_436aafc6_00000000 11/3/2005 7:48 PM 54.30 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\0000798b_436be9de_0001ab3f 11/4/2005 6:08 PM 404 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\000079d1_436ac61d_000d9701 11/3/2005 9:23 PM 8.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007a5a_435bd4d4_0008583b 10/23/2005 1:22 PM 4.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007a5a_4367f83a_000af79e 11/1/2005 6:20 PM 3.16 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007a5a_436a9ec6_00039387 11/3/2005 6:35 PM 233.13 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007a5a_436bd827_00044aa2 11/4/2005 4:52 PM 408 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007a61_43680ba9_0004c4b4 11/1/2005 7:43 PM 26.57 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007a61_436abfd4_0001312d 11/3/2005 8:56 PM 17.59 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ac2_43680b54_00066ff3 11/1/2005 7:41 PM 26.19 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ac2_436abe96_000487ab 11/3/2005 8:51 PM 28.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007b44_43586244_00090f56 10/20/2005 10:36 PM 15.23 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007b44_436804d4_00053ec6 11/1/2005 7:14 PM 229.16 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007b44_436ab91a_00081b32 11/3/2005 8:28 PM 139.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007b44_436baa69_0007de29 11/4/2005 1:37 PM 11.24 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007bb9_435ecee0_000d9701 10/25/2005 7:33 PM 214.46 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007bb9_436165ad_0001312d 10/27/2005 6:44 PM 155.29 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007bb9_4367fcd1_00057bcf 11/1/2005 6:59 PM 65.18 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007bb9_43695a07_00081b32 11/2/2005 7:29 PM 10.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007bb9_436aaffb_0000b71b 11/3/2005 7:48 PM 487 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007bb9_436be9ff_00066ff3 11/4/2005 6:08 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007cfe_436abd04_000a037a 11/3/2005 8:44 PM 2.27 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007dd1_435ed3ad_000a4083 10/25/2005 7:54 PM 6.35 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007dd1_436167ec_0005f5e1 10/27/2005 6:52 PM 105.54 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007dd1_436ab353_0004c4b4 11/3/2005 8:03 PM 8.67 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007dd1_436ba5f6_0009c671 11/4/2005 1:18 PM 234.76 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e0e_436ac9dc_0004c4b4 11/3/2005 9:39 PM 9.94 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_43584e29_00053ec6 10/20/2005 9:10 PM 2 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_435ec3d8_00098968 10/25/2005 6:46 PM 113.37 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_43615e80_00066ff3 10/27/2005 6:10 PM 4.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_4367f7a9_000e4e1c 11/1/2005 6:18 PM 4.81 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_4369504f_0005b8d8 11/2/2005 6:48 PM 2.97 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_43699281_0000d1cb 11/2/2005 11:30 PM 81.89 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_436a9c67_000bebc2 11/3/2005 6:25 PM 173.87 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_436b9b64_000501bd 11/4/2005 12:33 PM 90.96 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007e87_436bbc30_00040d99 11/4/2005 2:53 PM 399 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_435ecd28_000632ea 10/25/2005 7:26 PM 50.25 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_43616491_000a7d8c 10/27/2005 6:55 PM 109.84 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_4367fc60_00098968 11/1/2005 6:38 PM 36.27 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_4369591a_00003d09 11/2/2005 7:26 PM 12.79 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_436aadf9_000c65d4 11/3/2005 7:40 PM 127.95 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_436ba011_0001e848 11/4/2005 12:53 PM 73.27 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007eb7_436be92e_00094c5f 11/4/2005 6:05 PM 229.77 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f4f_435ed607_0001ab3f 10/25/2005 8:05 PM 106.08 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f4f_436169b2_0005b8d8 10/27/2005 7:00 PM 107.85 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f4f_4368006f_0000b71b 11/1/2005 6:55 PM 36.46 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f4f_436ab5f4_000a7d8c 11/3/2005 8:14 PM 2.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f4f_436ba622_0002625a 11/4/2005 1:19 PM 198.81 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f61_435862ad_000a037a 10/23/2005 9:03 PM 245.32 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f61_43617c02_00057bcf 10/27/2005 8:16 PM 289 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f61_436804da_000ec82e 11/1/2005 7:14 PM 47 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f61_436ab930_000501bd 11/3/2005 8:28 PM 36.62 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f96_435ec86b_0001312d 10/25/2005 7:06 PM 51.31 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f96_43616288_0002625a 10/27/2005 6:28 PM 79.01 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f96_4367f86e_00040d99 11/1/2005 6:21 PM 114.59 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f96_43695479_00007a12 11/4/2005 1:23 PM 216.58 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f96_436a9eff_00031975 11/3/2005 6:36 PM 414 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007f96_436bd947_00094c5f 11/4/2005 4:57 PM 410 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007fbe_435862b3_000aba95 10/23/2005 7:11 PM 974 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007fbe_43617c03_00003d09 10/27/2005 8:16 PM 13.11 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007fbe_436804e3_000632ea 11/1/2005 7:14 PM 404 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007fbe_436ab936_00089544 11/3/2005 8:28 PM 36.25 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_435ec89a_0003d090 10/25/2005 7:06 PM 3.95 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_43616293_00076417 10/27/2005 6:28 PM 48.55 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_4367f86e_000ec82e 11/1/2005 6:21 PM 404 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_43695486_00081b32 11/4/2005 1:23 PM 214.34 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_436a9f03_0006acfc 11/3/2005 6:36 PM 148.07 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_436b9ca5_00098968 11/4/2005 12:38 PM 281 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\00007ff5_436bd947_000baeb9 11/4/2005 4:57 PM 405 bytes Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\dns 11/4/2005 10:14 PM 43.63 KB Hidden from Windows API.
C:\Program Files\Ituadobe\Cache\index 11/4/2005 10:14 PM 231.99 KB Hidden from Windows API.
C:\Program Files\Ituadobe\data.bin 10/18/2005 8:59 PM 114.14 KB Hidden from Windows API.
C:\Program Files\Ituadobe\iedstapi.exe 10/27/2005 6:27 PM 912.00 KB Hidden from Windows API.
C:\Program Files\Ituadobe\jobccvid.exe 10/18/2005 8:59 PM 160.00 KB Hidden from Windows API.
C:\Program Files\Ituadobe\WinGenerics.dll 10/18/2005 8:59 PM 576.00 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\DRIVERS\viaitter.sys 10/18/2005 8:59 PM 12.00 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\shacxpnt.exe 10/18/2005 8:59 PM 460.00 KB Hidden from Windows API.

End of RR log.
cawitt
Regular Member
 
Posts: 27
Joined: October 17th, 2005, 10:57 pm
Top
Advertisement
Register to Remove

Unread postby cawitt » November 5th, 2005, 2:47 am

Now here's the apropofix log:

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Susan Siu\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CzXltAFmegF5]
"Device"="\\\\.\\H8l_ZN77"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\viaitter.sys"
"DriverName"="Sfl350p"
"UninstallerPath"="C:\\WINDOWS\\system32\\bachserv.exe"
"HDll"="C:\\WINDOWS\\system32\\defmtxdm.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.ANT2"
"InstallationId"="{Xcbe9833-cd29-1bf5-6f61-32c58018f368}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Ituadobe\\iedstapi.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\shacxpnt.exe"
"Version"="2.0.106"
"HideUninstallerName"="C:\\Program Files\\Ituadobe\\jobccvid.exe"
"LastAURestoreMsgTS"="2005:10:23-18:24:56:781"
--
[HKEY_LOCAL_MACHINE\Software\Aprps]

[HKEY_LOCAL_MACHINE\Software\Aprps\Client]
"PartnerId"="WB.VER2"


************

Removing hidden service:
Service Sfl350p removed.

Removing hidden folder:
Deletion of folder Ituadobe succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\viaitter.sys succeeded!
Deletion of file C:\WINDOWS\system32\shacxpnt.exe succeeded!
Deletion of file C:\WINDOWS\system32\defmtxdm.dll succeeded!
Deletion of file C:\WINDOWS\system32\bachserv.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CzXltAFmegF5]
[-HKEY_CURRENT_USER\Software\Aprps]
[-HKEY_LOCAL_MACHINE\Software\CzXltAFmegF5]
[-HKEY_LOCAL_MACHINE\Software\Aprps]

Done!

Finished!



Unfortunately, I don't have time right now to run a new RR scan, but I will get to it next time (hopefully really soon). Until then, I leave you with a new HJT log, just for good measure!

Logfile of HijackThis v1.99.1
Scan saved at 11:29:59 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PKYXYBWNS - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\SUSANS~1\LOCALS~1\Temp\PKYXYBWNS.exe
cawitt
Regular Member
 
Posts: 27
Joined: October 17th, 2005, 10:57 pm
Top

Unread postby Kimberly » November 5th, 2005, 11:58 am

Ok, in meanwhile I'll look up the RR log and compare with the apropos fix log but I think we got everything. Still would like to see a new RR when you get a chance.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
Top

Unread postby Kimberly » November 5th, 2005, 2:23 pm

Hello Chris,

Checked the logs and that looks very fine. I know that you have 2 accounts in Safe Mode, I would like you to run the Aproposfix from the other account too in Safe Mode, just to be sure. It has registry keys that are related to the current user account. Since the fix is located on her Desktop, you might wanna move the aproposfix folder to C:\ so that you can access it.

Boot into Normal Mode on her usual user account (Susan Siu), post the Aproposfix log and and new RR log please.

Thanks

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
Top

Unread postby cawitt » November 6th, 2005, 2:05 am

Ok, I ran aproposfix from the Administrator account in Safe mode. Here's the log:

Log of AproposFix v1

************

Running from directory:
C:\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!


And here's the new RR log:

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 11/5/2005 10:52 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.


And that's all there was in those logs this time.
cawitt
Regular Member
 
Posts: 27
Joined: October 17th, 2005, 10:57 pm
Top

Unread postby Kimberly » November 6th, 2005, 2:20 am

:thumbleft:

Great, we made it. :)

My advice would be to run a few scans now. With a rootkit one never knows, it may have attracted or hidden other files. A scan with Ewido, Kaspersky, Ad-Aware, Spybot S&D .... Panda eventually just to make sure. Cleaning up the temp folders and the temporary internet files would be good too. Deleting the prefetch folder and reset system restore again.
If you find something, post the logs please. :)

Turn off System Restore
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the System Restore tab.
  3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
  4. Click Yes when you receive the prompt to the turn off System Restore.
Reboot your computer.

Turn System Restore back on
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the System Restore tab.
  3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
A new restore point will be created automatically.

Now the most important question, how are things running ? Still BSOD ?

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
Top

Unread postby cawitt » November 14th, 2005, 10:47 pm

Ok, I re-ran the scans.

Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:10:12 PM, 11/7/2005
+ Report-Checksum: D2F3F5D4

+ Scan result:

C:\Documents and Settings\Susan Siu\Cookies\susan siu@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Susan Siu\Cookies\susan siu@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End


Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 08, 2005 00:00:41
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/11/2005
Kaspersky Anti-Virus database records: 158749
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 48220
Number of viruses found: 1
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 2223 sec

Infected Object Name - Virus Name
C:\aproposfix\backups\backups.zip/backups/backups.zip/backups/ace.dll Infected: Trojan.Win32.Crypt.t
C:\aproposfix\backups\backups.zip/backups/backups.zip/backups/iedstapi.exe Infected: Trojan.Win32.Crypt.t
C:\aproposfix\backups\backups.zip/backups/backups.zip/backups/jobccvid.exe Infected: Trojan.Win32.Crypt.t
C:\aproposfix\backups\backups.zip/backups/backups.zip/backups/shacxpnt.exe Infected: Trojan.Win32.Crypt.t
C:\aproposfix\backups\backups.zip/backups/backups.zip/backups/WinGenerics.dll Infected: Trojan.Win32.Crypt.t
C:\aproposfix\backups\backups.zip/backups/backups.zip Infected: Trojan.Win32.Crypt.t
C:\aproposfix\backups\backups.zip Infected: Trojan.Win32.Crypt.t
C:\RECYCLER\S-1-5-21-2166338481-2511679056-2105919262-500\Dc134.exe Infected: Trojan.Win32.Crypt.t
C:\RECYCLER\S-1-5-21-2166338481-2511679056-2105919262-500\Dc136.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000007.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000011.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0006207.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0006208.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0006209.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0006210.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0006212.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\SYSTEM32\ld.exe Infected: Trojan.Win32.Crypt.t

Scan process completed.


Panda:


Incident Status Location

Virus:Trj/Agent.AUO Disinfected C:\WINDOWS\SYSTEM32\test.bmp


Finally, another HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:35 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.compani ... 3_16_0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PKYXYBWNS - Unknown owner - C:\DOCUME~1\SUSANS~1\LOCALS~1\Temp\PKYXYBWNS.exe (file missing)


I think the BSODs have stopped (my gf hasn't seen them in a while). So that's good. I'll let you know if they return.

Unfortunately, things are still running really slowly :( Is there anything else we can try?
cawitt
Regular Member
 
Posts: 27
Joined: October 17th, 2005, 10:57 pm
Top

Unread postby Kimberly » November 15th, 2005, 1:52 am

Scans are looking good. :)

You may delete C:\aproposfix\backups folder

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Turn off System Restore
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the System Restore tab.
  3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
  4. Click Yes when you receive the prompt to the turn off System Restore.
Reboot your computer.

Turn System Restore back on
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the System Restore tab.
  3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
A new restore point will be created automatically.

In the next step we are going to stop a and remove the following Service, nothing bad, it's just because RR did crash while it was running.

Click Start then Run
Type in services.msc
Click Ok

Scroll down and double click on the service called PKYXYBWNS
Click Stop and then set the Startup Type to Disabled.

Now we will remove the Service from the Registry. Maybe all of the following entries wont be present. If you don't find a key, proceed to the next key.

Click Start then Run
Type in regedit
Click Ok.

In left pane of registry editor, Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PKYXYBWNS
If PKYXYBWNS exists , right click on it and choose Delete from the menu.

Now navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ PKYXYBWNS
If LEGACY_PKYXYBWNS exists then right click on it and choose Delete from the menu.

If you have trouble deleting a key, click once on the key name to highlight it and click on the Permission menu option under Edit. Uncheck Allow inheritible permissions and press copy. Click on everyone and put a checkmark in full control, press apply and ok and attempt to delete the key again.

Repeat the above procedure for ControlSet001, 002 although you might not find the service listed in those keys.

I think the BSODs have stopped (my gf hasn't seen them in a while). So that's good. I'll let you know if they return.
That's good since I think they were related to the Apropos rootkit, those things make a system unstable.

Unfortunately, things are still running really slowly Is there anything else we can try?


I can give you two optional items to fix, PC might run better with that. But a good thing to know would be the system specifications of the computer, like CPU and memory. Is it a laptop ? My laptop for example runs a bit slower than my desktop pc because it does not have the same amount of memroy, because the CPU is not a HT and most important of all, the HDD in a laptop is really slow because of the low tours/min... I don't see anything bad anymore that would slow down the computer.

You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to Itunes MP3 streaming tool by Apple which allows you to play MP3's. This process speeds up iTunes when it starts, and the program also monitors for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe


You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself.. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" ‑atboottime

This program places an icon in the system tray for quick access to Apple QuickTime. It is not necessary since QuickTime may be run manually even without the tray icon. If you choose to remove it, you will also have to disable it from within QuickTime, in the following manner:

1) Run QuickTime from the Start -> Programs menu
2) Click on the Edit menu, then Preferences
3) Select QuickTime Preferences from the right-hand side menu
4) Uncheck the box next to "QuickTime System Tray Icon", and click OK.


http://www.techsupportforum.com/showthread.php?t=15968

Answersthatwork gives information on how to stop QT Taskbar from loading at start, but unfortunately the program has a really bad habit of re-instating the autoload property when you download QT clips. About the only way to stop this is to rename the file to another name like qttaskold.exe.

http://russelltexas.com/malware/optionalremoves.htm

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
Top

Unread postby NonSuch » November 30th, 2005, 7:34 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby ChrisRLG » December 8th, 2005, 4:33 am

Re-opened upon email request.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
Top

Unread postby Nick-YF19 » December 20th, 2005, 5:59 am

Closed due to no reply from the topic starter.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Top
Advertisement
Register to Remove
Previous
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 427 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index