Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"YourSiteBar" Random popups ect..

Started by SSmoked , Nov 25 2005 10:29 PM

  • Please log in to reply

#1
SSmoked
Posted 25 November 2005 - 10:29 PM

SSmoked

    New Member

  • Member
  • Pip
  • 7 posts
Well, i ran trend micro and found this worm: Win32.P2P-Worm.Alcan.a .. i read and followed the instructions in this post: http://geekstogo.com...ST&f=37&t=78033 - Afterwards my computer did seem alot faster but slowed down quite a bit and i still have random popups. When i scan with XoftSpy the only thing that shows up is "YourSiteBar" and after deleting it when i re scan it is still there. Ive ran trend micro, ad aware and XoftSpy to no avail. Here are my HijackThis scan results...

Logfile of HijackThis v1.99.1
Scan saved at 11:27:34 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\the script 2003\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Jon`\LOCALS~1\Temp\Rar$EX00.565\HijackThis.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\ts4.1\download\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

I would appreciate any help. Thanks in advance. =)

EDIT: Also.. Ctrl+Alt+Del does not work. I just get the user control thing and i cant get rid of it once it is up.

Edited by SSmoked, 25 November 2005 - 11:52 PM.

  • 0

Advertisements

#2
Armodeluxe
Posted 27 November 2005 - 03:07 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi SSmoked, welcome to GeeksToGo

Please reenable all items disabled from startup.

You are running Hijackthis from a temporary file,but Hijackthis should be in a permanent folder to save its backups in case we need to undo any changes. Please delete the one you currently have.
  • Download HijackThis again by clicking here,but don’t hit “Open”, but “Save as”. Then navigate to your desktop, and hit “Save”. After downloading, minimize all windows until you’re on your desktop.
  • Now double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
  • Minimize the zipfolder, and go to My Computer. Double-click on C:/.
  • In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.
  • Call this folder HijackThis. Double-click to open this - new - folder.
  • Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now double-click on the HijackThis.exe in the folder you’ve just created and please post a new log.

  • 0

#3
SSmoked
Posted 28 November 2005 - 05:53 PM

SSmoked

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ah, thank you sir. A popup just came up when i was typeing this. =( Whatever is on my computer is a bandwith [bleep]. Here is the new HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 6:51:39 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\the script 2003\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\ts4.1\download\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  • 0

#4
SSmoked
Posted 28 November 2005 - 07:20 PM

SSmoked

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
So, i re-scanned everything useing XoftSpy, Ad-Aware, and Trend Micro. The YourSiteBar thing still kept popping up on on XoftSpy. So.. i downloaded and registered Spyware Doctor and ran a scan with that. Funny how with every different program they manage to find something all the others did not. Here is the log.

Scan Results:
scan start: 11/28/2005 7:47:40 PM
scan stop: 11/28/2005 7:53:20 PM
scanned items: 62670
found items: 46
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

Infection Name Location Risk
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc## High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##SlowInfoCache High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##Changed High
YourSiteBar HKLM\SOFTWARE\YourSiteBar High
YourSiteBar HKLM\SOFTWARE\YourSiteBar## High
YourSiteBar HKLM\SOFTWARE\YourSiteBar##installTitle High
YourSiteBar HKLM\SOFTWARE\YourSiteBar\Historyfiles High
YourSiteBar HKLM\SOFTWARE\YourSiteBar\Historysearch2 High
Common Components Unrelated HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping##{10E42047-DEB9-4535-A118-B3F6EC39B807} Medium
Common Components Unrelated HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} Medium
Common Components Unrelated HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807}\iexplore Medium
SideFind HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} Elevated
SideFind HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\iexplore Elevated
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@hits.clickandtrack[1].txt Medium
WinFixer 2005 C:\Documents and Settings\Jon`\Cookies\jon`@winfixer[2].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@rn11[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@adknowledge[2].txt Medium
Advertising C:\Documents and Settings\Jon`\Cookies\jon`@adopt.hbmediapro[2].txt Low
Advertising C:\Documents and Settings\Jon`\Cookies\jon`@doubleclick[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@adrevolver[3].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@12373[1].txt Medium
eXact Advertising C:\Documents and Settings\Jon`\Cookies\jon`@trafficmp[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@exitexchange[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@adecn[2].txt Medium
Common Components for Claria C:\Documents and Settings\Jon`\Cookies\jon`@belnk[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@12357[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@dcs2onuxx00000c9v7mgt27p7_7c4o[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@dcszp7e1v10000omp5r9bmtnv_1o4g[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@atwola[1].txt Medium
Rogue Anti-Spyware Products C:\Documents and Settings\Jon`\Cookies\jon`@trk.pcsecurityshield[2].txt High
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@banner[1].txt Medium
Rogue Anti-Spyware Products C:\Documents and Settings\Jon`\Cookies\jon`@www.pcsecurityshield[2].txt High
Advertising C:\Documents and Settings\Jon`\Cookies\jon`@42435556[1].txt Low
WinFixer 2005 C:\Documents and Settings\Jon`\Cookies\jon`@www.winfixer[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@adrevolver[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@ads.cc214142[1].txt Medium
2nd-thought.com C:\Documents and Settings\Jon`\Cookies\jon`@as-us.falkag[1].txt Medium
Common Components for Claria C:\Documents and Settings\Jon`\Cookies\jon`@dist.belnk[2].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@microsofteup.112.2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@metareward[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@zedo[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@c.enhance[1].txt Medium
Starware C:\Documents and Settings\Jon`\Cookies\jon`@starware[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@stats1.reliablestats[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Jon`\Cookies\jon`@msnportal.112.2o7[1].txt Medium

I erased all that, restarted and ran another scan with it and it was clean. Then boom another random popup out of nowhere... and my ctrl+alt+del is still broken. =(

EDIT: The "YourSiteBar" does not show up anymore when i scan with XoftSpy. Also, scanning with all the programs mentioned above all show up clean.

Edited by SSmoked, 28 November 2005 - 07:22 PM.

  • 0

#5
Armodeluxe
Posted 29 November 2005 - 07:24 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
You don't have any startup items at all in your log, are you sure you don't have anything disabled from startup?

Let's run a couple scans and see what they find..

1)Please download Rootkit Revealer (link is at the very bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
2)Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post those two logs for me..
  • 0

#6
SSmoked
Posted 29 November 2005 - 05:37 PM

SSmoked

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Again, thank you verry much for takeing the time to help me out. Its greatly appreciated. Here are the RootRevealer results.. its quite a big list im sorry. =(

HKLM\SOFTWARE\C1POoAzsLRtD 11/26/2005 5:35 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WANARP 3/8/2005 12:07 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCSVC 11/26/2005 5:35 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\WebClient 11/28/2005 10:34 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\winCSVC 11/29/2005 5:49 PM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft 11/29/2005 2:00 AM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\ace.dll 11/26/2005 5:35 AM 568.00 KB Hidden from Windows API.
C:\Program Files\Theasoft\AI_26-11-2005.log 11/26/2005 5:35 AM 3 bytes Hidden from Windows API.
C:\Program Files\Theasoft\AI_27-11-2005.log 11/27/2005 7:04 AM 3 bytes Hidden from Windows API.
C:\Program Files\Theasoft\AI_28-11-2005.log 11/28/2005 12:00 AM 3 bytes Hidden from Windows API.
C:\Program Files\Theasoft\AI_29-11-2005.log 11/29/2005 2:00 AM 3 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache 11/28/2005 7:44 PM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000001c_438a2a85_000be559 11/27/2005 4:52 PM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000001c_438a4315_000c131e 11/27/2005 6:36 PM 869 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000001c_438cd619_00057120 11/29/2005 5:28 PM 4.61 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_43888934_00098196 11/29/2005 5:50 PM 4.66 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_4388d175_000da2c9 11/28/2005 10:35 PM 3.64 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_4388fa00_000ca1a8 11/26/2005 7:12 PM 5.55 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_4389a0fd_0007ab41 11/28/2005 5:55 PM 1.13 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438b6f06_00058fde 11/28/2005 3:56 PM 166 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438b961d_0009d3dc 11/28/2005 6:43 PM 4.57 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438ba432_000993c9 11/28/2005 7:43 PM 8.41 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438baa04_0001279b 11/28/2005 8:08 PM 4.55 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438bb10e_0008ce11 11/28/2005 8:38 PM 4.57 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438bb64a_000c1990 11/28/2005 9:00 PM 166 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000029_438bcff4_00017fd9 11/28/2005 10:50 PM 4.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000035_438892f8_0004626b 11/26/2005 11:53 AM 36 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000035_4389a29d_0007cb40 11/27/2005 7:12 AM 4.52 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000035_438b7b75_000ed619 11/28/2005 4:49 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000035_438c4c3a_00040a56 11/29/2005 7:40 AM 493.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000003a_438a3fb9_0006a011 11/27/2005 6:23 PM 875 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000049_438a6d93_0007abb3 11/27/2005 9:38 PM 875 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000007b_438a1f04_0006ef28 11/27/2005 4:03 PM 5.25 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000007b_438cbfe8_000883e4 11/29/2005 3:54 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000008c_4389abb2_0002a5ac 11/27/2005 7:50 AM 563 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000008c_438cbd77_000b7036 11/29/2005 3:43 PM 68.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000008e_4389a5d6_00021559 11/27/2005 7:25 AM 12.21 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000008e_438cbd2e_00058e43 11/29/2005 3:42 PM 75.75 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000094_438a32a8_00062b34 11/27/2005 5:26 PM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000099_43888a6e_0006c75b 11/26/2005 11:16 AM 39.62 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000099_4388df4b_0002876c 11/26/2005 5:18 PM 29.27 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000099_4389a154_000acd94 11/27/2005 7:06 AM 122 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000099_438b9634_000b6711 11/28/2005 6:43 PM 274 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000099_438c49b8_000dc59c 11/29/2005 7:29 AM 2.99 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000009f_438a6db2_00072120 11/27/2005 9:38 PM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000aa_438a7969_000cf8d4 11/27/2005 10:28 PM 181.58 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000bd_438a6cee_000b6146 11/27/2005 9:35 PM 794 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000c1_4389a49b_0002f488 11/27/2005 7:20 AM 77.01 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000c1_438c81fa_00069359 11/29/2005 11:29 AM 5.25 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000e5_438a5008_000acd66 11/27/2005 7:32 PM 4.81 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000eb_4389aba5_0008794c 11/27/2005 7:50 AM 46 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000eb_438cbd55_000cfbbe 11/29/2005 3:43 PM 870 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000ec_438a73b7_000477de 11/27/2005 10:04 PM 20.44 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000f1_438a6ecc_000364a8 11/27/2005 9:43 PM 5.07 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000000f8_438a4cbe_000486a6 11/27/2005 7:18 PM 5.32 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000120_43888b92_00034323 11/26/2005 11:21 AM 14.42 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000120_4388f4a6_000e501b 11/26/2005 6:49 PM 1.40 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000120_4389a199_000d154c 11/27/2005 7:07 AM 4.22 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000120_438b7045_00062741 11/28/2005 4:01 PM 514.91 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000120_438b991d_00096f71 11/28/2005 6:56 PM 347 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000120_438c4a3b_000e3496 11/29/2005 7:31 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000124_43888a6e_000d0b39 11/29/2005 4:42 PM 561 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000124_4388df4b_000a2b5c 11/26/2005 5:18 PM 1.13 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000124_4388fb5c_000d8dee 11/26/2005 7:18 PM 17.72 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000124_4389a15c_0004415b 11/27/2005 7:06 AM 104.16 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000124_438b9649_00034e8b 11/28/2005 6:44 PM 23.59 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000124_438c49b8_000e3af8 11/29/2005 7:29 AM 3.09 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000012c_438a237e_000da009 11/27/2005 4:22 PM 4.37 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000012c_438ccebb_000b10f3 11/29/2005 4:57 PM 5.37 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000012f_438a27b1_00041624 11/27/2005 4:40 PM 436 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000012f_438cd5a3_000bb643 11/29/2005 5:26 PM 170 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000014a_438a5801_000ed951 11/27/2005 8:06 PM 13.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000014f_438a2462_000ea973 11/27/2005 4:25 PM 885 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000014f_438cd417_000069be 11/29/2005 5:20 PM 417 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001d3_43889363_00035fae 11/26/2005 11:54 AM 36 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001d3_4389a2b8_000bbfbc 11/27/2005 7:12 AM 70.42 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001d3_438b7b7a_000b6e7e 11/28/2005 4:49 PM 2.64 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001d3_438c4d7f_0004ea98 11/29/2005 7:48 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001da_438a59f7_00036a9c 11/27/2005 8:14 PM 46 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001db_438a57e0_000a9bf6 11/27/2005 8:05 PM 2.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001e1_4389a4ef_000d3490 11/27/2005 7:22 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001e1_438c8241_0007d47c 11/29/2005 11:30 AM 15.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_43888a5a_0008a1a3 11/26/2005 11:16 AM 2.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_4388d77d_00098338 11/26/2005 4:45 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_4388fb2f_00014204 11/26/2005 7:17 PM 5.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_4389a14a_0002ca46 11/27/2005 7:06 AM 10.32 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_438b6f57_00005008 11/28/2005 3:57 PM 136.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_438b9629_000a175c 11/28/2005 6:43 PM 229 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_438bad61_000b35d8 11/28/2005 8:22 PM 56.16 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001eb_438c4961_00045f6b 11/29/2005 4:45 PM 766 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001f7_438a2512_00005851 11/27/2005 4:28 PM 875 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000001f7_438cd56a_000ee414 11/29/2005 5:25 PM 134.50 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000021c_438a4e61_0007c5e4 11/27/2005 7:25 PM 5.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000260_438a2b66_000e16d6 11/27/2005 4:55 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000260_438cd65f_000a577c 11/29/2005 5:29 PM 1.74 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000262_438a23b8_00076978 11/27/2005 4:23 PM 984 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000262_438ccf9b_0003ea91 11/29/2005 5:00 PM 7.04 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000292_438a5007_00071cec 11/27/2005 7:32 PM 67.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002a9_438a63ed_000f21ec 11/27/2005 8:57 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002b2_438a2bda_0004df31 11/27/2005 4:57 PM 401 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002b2_438cd66b_000ae939 11/29/2005 5:30 PM 132.77 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002be_438a665c_000634b9 11/27/2005 9:07 PM 399.83 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002ec_438a2c4f_0000b818 11/27/2005 4:59 PM 509 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002ec_438cd6ba_00043e11 11/29/2005 5:31 PM 170 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002ee_438a27ae_00047aa0 11/27/2005 4:39 PM 509 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002ee_438cd59c_0009441b 11/29/2005 5:26 PM 876 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000002f2_438a6198_0003b21b 11/27/2005 8:47 PM 397 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000030a_43888b6f_0004a1ec 11/26/2005 11:21 AM 24.70 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000030a_4388f465_00047af3 11/26/2005 6:48 PM 4.81 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000030a_4389a198_000852fe 11/27/2005 7:07 AM 239 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000030a_438b7039_000d87b1 11/28/2005 4:01 PM 13.25 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000030a_438b983b_0002f101 11/28/2005 6:52 PM 1001 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000030a_438c4a28_000b57d0 11/29/2005 7:31 AM 707 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000314_438a4085_00094624 11/27/2005 6:25 PM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000318_438a502b_000db5f0 11/27/2005 7:32 PM 4.89 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000036a_438a59e0_0003105b 11/27/2005 8:14 PM 875 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000036b_438a23ae_00013b96 11/27/2005 4:22 PM 7.16 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000036b_438ccf38_0004cc11 11/29/2005 4:59 PM 396 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000383_438a6d32_000bf510 11/27/2005 9:36 PM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000384_438890ad_00014424 11/26/2005 11:43 AM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000384_4389a267_00011b39 11/27/2005 7:11 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000384_438b7407_0001eccb 11/28/2005 4:17 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000384_438c4bd6_000d26a0 11/29/2005 7:38 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000389_438a57e4_000e5d50 11/27/2005 8:05 PM 598 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000038f_438a218d_000ca321 11/27/2005 4:13 PM 883 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000038f_438ccc28_0003c4a8 11/29/2005 4:47 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000390_438c823a_00051418 11/29/2005 11:30 AM 4.46 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003af_438a58a5_00080fbe 11/27/2005 8:08 PM 2.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003be_438a61e0_000f35d3 11/27/2005 9:35 PM 732 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003f4_438a4a80_00070aa8 11/27/2005 7:08 PM 3.52 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003f4_438a619d_00068e5e 11/27/2005 8:47 PM 39.51 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003f9_438a23ba_000af873 11/27/2005 4:23 PM 128.04 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003f9_438ccf9c_00094959 11/29/2005 5:01 PM 132.80 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003fa_4389abff_0008c53e 11/27/2005 7:52 AM 2.91 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000003fa_438cbe72_00026fce 11/29/2005 3:47 PM 7.20 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000041c_438a4d0e_00092fe8 11/27/2005 7:19 PM 484 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000041e_438a4cbb_000bf298 11/27/2005 7:18 PM 351.72 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000042f_438a43a7_0009c818 11/27/2005 6:39 PM 537 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000046b_438a31a6_000e40a4 11/27/2005 5:22 PM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000046b_438cdaf1_000ad624 11/29/2005 5:49 PM 4.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000047a_438a4df3_000b0289 11/27/2005 7:23 PM 76.59 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000047e_43888e7d_000948f0 11/26/2005 11:34 AM 1.44 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000047e_438b7335_0000ac28 11/28/2005 4:14 PM 3.22 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000047e_438c4b32_000d8536 11/29/2005 7:59 AM 807 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000049d_438a8aa9_000be698 11/27/2005 11:42 PM 79.22 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000004b0_438a1f43_00014a11 11/27/2005 4:04 PM 2.77 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000004b0_438cc41e_0008d279 11/29/2005 4:11 PM 614 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000004f0_438a1f16_000c3834 11/27/2005 4:03 PM 735 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000004f0_438cbff4_00076753 11/29/2005 3:54 PM 948 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000004fe_438a580d_0003f526 11/27/2005 8:06 PM 958 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000502_438a3882_0000454b 11/27/2005 5:52 PM 438 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000053c_438a498a_000b1c44 11/27/2005 7:04 PM 135.29 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000054b_438a31a4_00077c2b 11/27/2005 5:22 PM 1.83 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000054b_438cdaec_00011989 11/29/2005 5:49 PM 6.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000554_438a59e0_000f22bc 11/27/2005 8:14 PM 707 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000565_438a66eb_00005518 11/27/2005 9:09 PM 183.58 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000056a_438a6c0b_0004b618 11/27/2005 9:31 PM 598 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000588_4388ceb8_000d9f69 11/26/2005 4:08 PM 29.27 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000588_438b7d78_000dc65b 11/28/2005 4:58 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000588_438c5034_0003a3e4 11/29/2005 7:57 AM 3.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000005ae_438a63dc_000dd796 11/27/2005 8:56 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000005eb_438a3fb1_000ae183 11/27/2005 6:22 PM 598 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000603_438a27b0_00079440 11/27/2005 4:40 PM 133.08 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000603_438cd5a3_0001eea9 11/29/2005 5:26 PM 35.92 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000607_4389a5b7_0005fc89 11/27/2005 7:25 AM 537 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000607_438cbd16_00055580 11/29/2005 3:41 PM 170 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000060e_438a8a8e_00022398 11/29/2005 4:42 PM 122.79 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000618_438a6d78_0002a561 11/27/2005 9:37 PM 70.86 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000633_438896cd_000b6c43 11/26/2005 12:09 PM 60.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000633_4389a30b_000e7d53 11/27/2005 7:14 AM 46.03 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000633_438b7c27_00059b23 11/28/2005 4:52 PM 976 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000633_438c4f29_0001e639 11/29/2005 7:52 AM 376.18 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000634_438a2b65_000e8691 11/27/2005 4:55 PM 133.08 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000634_438cd65f_00054c91 11/29/2005 5:29 PM 1.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000064f_438a58c9_00024823 11/27/2005 8:09 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000654_438a6d94_00060304 11/27/2005 9:38 PM 11.15 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000065a_438a1ff5_00072fdc 11/27/2005 4:07 PM 876 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000065a_438a2202_0008ca44 11/27/2005 4:15 PM 417 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000065a_438ccb37_00095276 11/29/2005 4:42 PM 2.70 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000065a_438cccb0_0009a8e9 11/29/2005 4:48 PM 567 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000665_438a236f_000ad9c3 11/27/2005 7:18 PM 333 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000665_438ccdd6_0003e529 11/29/2005 4:53 PM 5.45 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000066b_438a885e_000c4c0c 11/27/2005 11:32 PM 61.80 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000672_438a31f7_0001d239 11/27/2005 5:23 PM 82.70 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000672_438cdb5a_000160a0 11/29/2005 5:51 PM 7.89 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000677_438890bb_00089a5b 11/26/2005 11:43 AM 32 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000677_4389a270_000c7584 11/27/2005 7:11 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000677_438a5024_0005c381 11/27/2005 7:32 PM 4.69 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000677_438b7408_00001cfe 11/28/2005 4:18 PM 2.28 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000677_438c4bd7_0008e4ec 11/29/2005 7:38 AM 4.89 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000686_438a6a06_0000afab 11/27/2005 9:23 PM 631 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000068f_438a4038_00001833 11/27/2005 6:24 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006bb_438a4308_000c183b 11/27/2005 8:27 PM 839 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006c7_438a6c3b_00028e99 11/27/2005 9:32 PM 47 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006d8_438a23a6_0000721c 11/27/2005 5:11 PM 563 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006d8_438ccefd_000b2421 11/29/2005 4:58 PM 1.48 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006de_438a2ba0_0007b926 11/27/2005 4:56 PM 13.64 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006de_438cd669_0007a87b 11/29/2005 5:30 PM 781 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006e3_4389a5ae_000be6a9 11/27/2005 7:25 AM 10.29 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006e3_438cbcba_000cf07b 11/29/2005 3:40 PM 4.22 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006e9_438a287f_0006a059 11/27/2005 4:46 PM 563 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006e9_438cd5b1_000f1363 11/29/2005 5:26 PM 509 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000006ee_438a87bd_000ce2a1 11/27/2005 11:29 PM 211 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000728_4389a4e2_000b3d21 11/27/2005 7:21 AM 40.50 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000728_438c823a_000d5481 11/29/2005 11:30 AM 1.36 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000730_438a6d7a_00019ecc 11/27/2005 9:37 PM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000732_43888b70_00040b13 11/26/2005 11:21 AM 4.80 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000732_4388f4a6_0008f6f3 11/28/2005 6:45 PM 68.88 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000732_4389a199_0005e6b8 11/27/2005 7:07 AM 4.52 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000732_438b703a_000b69a8 11/28/2005 4:01 PM 15.17 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000732_438b991c_000aa2c4 11/28/2005 6:56 PM 1.80 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000732_438c4a33_00097206 11/29/2005 7:32 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000074d_43888a82_0008e629 11/26/2005 11:17 AM 563 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000074d_4388df63_00072ea1 11/26/2005 5:19 PM 82.15 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000074d_438b7027_00072cd0 11/28/2005 4:01 PM 422 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000074d_438b96b6_0000cfde 11/28/2005 6:45 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000074d_438c49c6_0000f026 11/29/2005 7:29 AM 113.78 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000759_438a6a72_0004bd79 11/27/2005 9:24 PM 5.51 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000075d_438a43a5_0003039e 11/27/2005 6:39 PM 422 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000774_438a61c8_00027553 11/27/2005 8:47 PM 170 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000784_4389a5b7_000783b9 11/27/2005 7:25 AM 877 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000784_438cbd16_0005cadb 11/29/2005 3:41 PM 874 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000786_438cbfa2_00012ba1 11/29/2005 3:52 PM 2.61 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000795_438a58a6_00046a84 11/27/2005 8:08 PM 707 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007a2_438a3fe2_000f0383 11/27/2005 6:23 PM 12.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007c9_438a2371_00090f96 11/27/2005 4:21 PM 66.74 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007c9_438cce15_00082ecb 11/29/2005 4:54 PM 11.95 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007cf_43889332_00046fb8 11/26/2005 11:54 AM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007cf_438b7b76_00005771 11/28/2005 4:49 PM 417 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007cf_438c4c3a_000ac390 11/29/2005 7:40 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007db_438a31bc_0001982e 11/27/2005 5:22 PM 426.36 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007db_438cdb44_000a855b 11/29/2005 5:50 PM 4.55 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000007ec_438a7cb2_000a8430 11/27/2005 10:42 PM 186.86 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000822_43888c7b_00048fcb 11/26/2005 11:25 AM 563 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000822_4389a1e6_00048978 11/27/2005 7:09 AM 40.50 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000822_438b716d_000ad2d4 11/28/2005 4:06 PM 7.79 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000822_438c4a9c_00015c93 11/29/2005 7:33 AM 71.64 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000828_438a2aaa_00029fa3 11/27/2005 4:52 PM 401 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000828_438cd61b_0000e6d0 11/29/2005 5:28 PM 422 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000083f_438a63d4_00093c24 11/27/2005 8:56 PM 29.60 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000084d_4389abbb_000aa35b 11/27/2005 7:51 AM 404 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000084d_438cbd83_000681ac 11/29/2005 3:43 PM 770 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000860_438a7257_000c2adc 11/27/2005 9:58 PM 11.94 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000086a_4389a436_0000e386 11/27/2005 7:19 AM 64.99 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000086a_438b8150_000c0430 11/28/2005 5:14 PM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000086a_438c50a3_0009e63c 11/29/2005 7:59 AM 433 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000871_438cbc11_000c9678 11/29/2005 3:37 PM 166 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000878_4389a54d_000e337b 11/27/2005 7:23 AM 36.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000878_438cbc43_00096864 11/29/2005 3:38 PM 735 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000088b_438a7ba6_000bcf44 11/27/2005 10:38 PM 16.33 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008ac_438a3896_00023cfb 11/27/2005 5:52 PM 14.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008af_438a21e6_0005bade 11/27/2005 4:15 PM 351.81 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008af_438ccc4f_0005d8fb 11/29/2005 4:46 PM 2.67 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008bd_438a69e4_0008f46c 11/27/2005 9:22 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008d2_438a6a51_000da454 11/27/2005 9:24 PM 1.06 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008ff_438a1f4f_000734f6 11/27/2005 4:04 PM 128.09 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000008ff_438cc421_000adfe4 11/29/2005 4:12 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000902_43888c87_0004850e 11/26/2005 11:25 AM 567 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000902_438b71be_0002849e 11/28/2005 4:08 PM 5.76 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000902_438c4ada_0000bcc8 11/29/2005 7:34 AM 71.44 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000914_438a1f6b_00093288 11/27/2005 4:04 PM 13.39 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000914_438cc425_00032b56 11/29/2005 4:12 PM 40.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000917_438a69f1_0004cf1b 11/27/2005 9:22 PM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000093b_438a27a4_000afb99 11/27/2005 4:39 PM 877 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000093b_438cd56f_0001dbfe 11/29/2005 5:25 PM 2.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000940_4389a444_0006d9ab 11/27/2005 7:19 AM 49.00 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000940_438b8210_000e66c3 11/28/2005 5:17 PM 1.36 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000940_438c50a6_0007fa91 11/29/2005 7:59 AM 2.97 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000948_438a6266_000ef214 11/27/2005 8:50 PM 1.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000975_43889413_000a732c 11/26/2005 11:57 AM 203.86 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000975_4389a2c2_000193e9 11/27/2005 7:12 AM 454 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000975_438c4def_00090ee6 11/29/2005 7:48 AM 543 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000098d_438a7964_000698d6 11/27/2005 10:28 PM 196.20 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009b1_438a6198_0008e424 11/27/2005 8:47 PM 1.46 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009b3_438a218a_000e4090 11/27/2005 4:13 PM 83.15 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009b3_438ccc28_0003766b 11/29/2005 4:47 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009c9_438a5823_0002c298 11/29/2005 7:30 AM 563 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009ce_4388cecd_00064a7b 11/26/2005 4:08 PM 232 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009ce_4389a408_000784b6 11/27/2005 7:18 AM 11.19 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009ce_438b8144_0003ce83 11/28/2005 5:14 PM 15.71 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009ce_438c5069_000e4761 11/29/2005 7:58 AM 14.38 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000009d1_438a783f_000b9e9e 11/27/2005 10:23 PM 132.41 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a1d_438a23d0_00099ec6 11/27/2005 4:23 PM 1.14 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a1d_438cd08b_000d9f03 11/29/2005 5:04 PM 4.92 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a26_438a4511_000cb16c 11/27/2005 6:45 PM 2.35 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a27_438a6e2e_00020f91 11/27/2005 9:40 PM 168 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a28_4388cecc_000cfe14 11/28/2005 6:45 PM 455 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a28_438b8143_000501d6 11/28/2005 5:14 PM 1014 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a28_438c5066_0007f2a3 11/29/2005 7:58 AM 1.05 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a2f_438a218a_000ce07e 11/27/2005 4:13 PM 1.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a2f_438ccc27_00043463 11/29/2005 4:46 PM 135.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a31_438a58d4_0004d0cb 11/27/2005 8:09 PM 8.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a3f_438a5853_00086628 11/27/2005 8:07 PM 433 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a41_4389a5b7_0005fc89 11/27/2005 7:25 AM 875 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a41_438a1eef_00008366 11/27/2005 4:02 PM 2.28 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a41_438cbd15_000b1e63 11/29/2005 3:41 PM 76.40 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a41_438cbfd7_000ce0f3 11/29/2005 3:53 PM 2.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a4a_438899ce_0000f7a1 11/26/2005 12:22 PM 4.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a4a_4389a349_000be0fc 11/27/2005 7:15 AM 40.51 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a4a_438b7d09_000da0c3 11/28/2005 4:56 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a4a_438c5009_0001ee6c 11/29/2005 7:56 AM 12.37 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a65_438a6bff_00007981 11/27/2005 9:31 PM 2.01 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a6c_4389a5ae_000cd160 11/27/2005 7:25 AM 1.15 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a6c_438cbce0_000d02a3 11/29/2005 3:41 PM 33.65 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a6e_438a2485_00095193 11/27/2005 4:26 PM 12.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a6e_438cd506_0006bbf3 11/29/2005 5:24 PM 11.67 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a76_438a71b8_00012fab 11/27/2005 9:55 PM 63.91 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a87_4389abb2_0004c956 11/27/2005 7:50 AM 761 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a87_438cbd78_00046e60 11/29/2005 3:43 PM 803 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000a8b_438a8bc6_000441e9 11/27/2005 11:47 PM 120.08 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ab5_438a6e01_0000009c 11/27/2005 9:40 PM 250 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ab6_438a6a5f_000eddcb 11/27/2005 9:24 PM 134.56 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ae1_438a6d7b_000acf8c 11/27/2005 9:37 PM 792 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000af0_4389ac09_000d1db3 11/27/2005 7:52 AM 10.65 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000af0_438cbf7d_000d317b 11/29/2005 3:52 PM 3.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b2e_438a6e19_0004f60e 11/27/2005 9:40 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b31_438a28f2_000b9920 11/27/2005 4:45 PM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b31_438cd5c0_000a83f6 11/29/2005 5:27 PM 4.56 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b7f_438a2aaa_000698b9 11/27/2005 4:52 PM 885 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b7f_438cd61b_00015c2b 11/29/2005 5:28 PM 422 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b93_438a2186_00099480 11/27/2005 4:13 PM 883 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b93_438ccc23_0001fa39 11/29/2005 4:46 PM 1 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b9b_438a27bf_0005015e 11/27/2005 9:35 PM 1.29 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000b9b_438cd5aa_00041294 11/29/2005 5:26 PM 1.14 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_43888a5a_000916fe 11/26/2005 11:16 AM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_4388d77d_000a46d0 11/26/2005 4:45 PM 877 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_4389a14a_0006ea7b 11/27/2005 7:06 AM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_438a71b7_000bb53c 11/27/2005 9:55 PM 2.48 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_438b962a_0000f1dc 11/28/2005 6:43 PM 1.00 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_438bad8a_000a470b 11/28/2005 8:23 PM 57.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bb3_438c496d_00005b98 11/29/2005 4:45 PM 2.40 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdb_43888b6f_0006ecb4 11/26/2005 11:21 AM 614 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdb_4388f480_0004ebb4 11/26/2005 6:49 PM 4.79 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdb_4389a199_0004114b 11/27/2005 7:07 AM 1.08 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdb_438b703a_00030220 11/28/2005 4:01 PM 562 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdb_438b991b_00082b3e 11/28/2005 6:56 PM 29.17 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdb_438c4a29_000e92ee 11/29/2005 7:31 AM 4.95 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bdf_438a3fbd_000cd351 11/27/2005 6:22 PM 4.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000bf9_438a7814_00037e29 11/27/2005 10:23 PM 153.30 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c15_438896b6_00040a8b 11/26/2005 12:09 PM 61.95 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c15_4389a300_000f030b 11/27/2005 7:13 AM 49.71 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c15_438a7206_000cd523 11/27/2005 9:57 PM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c15_438b7c25_000df76b 11/28/2005 4:52 PM 132.70 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c15_438c4f26_000b9cf3 11/29/2005 7:56 AM 3.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c1e_4389a5b2_000d8459 11/27/2005 7:25 AM 104.16 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c1e_438cbce3_00091a6c 11/29/2005 3:41 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c7b_43889664_000e288e 11/26/2005 12:18 PM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c7b_4389a2fb_0004d114 11/27/2005 7:13 AM 78.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c7b_438b7c20_000993f8 11/28/2005 4:52 PM 841 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c7b_438c4f25_000d6cc0 11/29/2005 7:52 AM 132.68 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c95_438a2200_000c1ba1 11/27/2005 4:15 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000c95_438ccc68_00041ad3 11/29/2005 4:47 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000cc0_438a6cdf_00051744 11/27/2005 9:35 PM 50.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ce1_438c8204_0005b9c4 11/29/2005 11:29 AM 2.58 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ced_438a4516_0008fb94 11/27/2005 6:45 PM 232 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d05_438a7a23_000ceee0 11/27/2005 10:31 PM 315.67 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d0c_438a6d29_00072ce0 11/29/2005 5:35 PM 805 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d1f_438a2e64_0009119b 11/27/2005 5:08 PM 523.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d1f_438cd774_000aed56 11/29/2005 5:34 PM 3.23 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d66_43888f0e_000b3f9c 11/27/2005 10:36 PM 238.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d66_4389a233_00035356 11/27/2005 7:10 AM 1.16 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d66_438b7351_00025b7c 11/28/2005 4:14 PM 134.87 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d66_438c4b8e_000d3fee 11/29/2005 7:37 AM 2.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d6a_438b8216_00070bb1 11/28/2005 5:17 PM 4.46 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d6a_438c50b3_00097ca4 11/29/2005 7:59 AM 401 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d77_438a6265_0006ac0b 11/27/2005 8:50 PM 875 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d79_438a6dc1_000aaafe 11/27/2005 9:38 PM 56.96 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d7f_438a7cb1_00052568 11/27/2005 10:42 PM 1.94 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d9f_438a1eed_0001d838 11/29/2005 5:34 PM 11.98 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000d9f_438cbfb6_0006f549 11/29/2005 3:53 PM 438 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000da9_438a6ce0_0000d591 11/27/2005 9:35 PM 543 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000daf_438a6a67_0008c6ec 11/27/2005 9:24 PM 5.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000dbd_438a6ec6_0007ff96 11/29/2005 5:23 PM 1.58 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000dc3_438a6f7d_000439e8 11/27/2005 9:46 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000dc7_438a2a3f_000aa9d6 11/27/2005 4:50 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000dc7_438cd60b_00052260 11/29/2005 5:28 PM 535 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ddc_43888c19_000921c4 11/26/2005 11:23 AM 498 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ddc_4388f574_000abd90 11/26/2005 6:53 PM 220.10 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ddc_4389a1ad_0005e1dc 11/27/2005 7:08 AM 3.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ddc_438b70d5_0004bbb1 11/28/2005 4:04 PM 232 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ddc_438b9a92_00036b86 11/28/2005 7:02 PM 6.03 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ddc_438c4a77_00068214 11/29/2005 7:32 AM 493.22 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000de5_4388cec5_00086843 11/26/2005 4:45 PM 562 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000de5_4389a39f_0007cf1b 11/27/2005 7:16 AM 46.49 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000de5_438b7dd4_0004cb4e 11/28/2005 4:59 PM 419.25 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000de5_438c503b_000a3641 11/29/2005 7:57 AM 761 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000de9_438a3877_0003d963 11/27/2005 5:52 PM 569 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e00_438a2153_00005c54 11/27/2005 4:12 PM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e00_438ccc1b_0007c2db 11/29/2005 4:46 PM 5.56 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e12_438891b5_00051499 11/26/2005 11:47 AM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e12_4389a285_00028791 11/27/2005 7:11 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e12_438b7418_000d25d9 11/28/2005 4:18 PM 877 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e12_438c4c18_000c7636 11/29/2005 7:39 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e29_4389a55d_00049ec3 11/27/2005 7:23 AM 1.26 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e29_438cbc4d_0009c7c3 11/29/2005 3:38 PM 6.99 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e5c_438a3873_00057131 11/27/2005 5:51 PM 2.26 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e90_438893b8_000e41d0 11/26/2005 11:56 AM 0 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e90_4389a2b9_00055a60 11/27/2005 7:12 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e90_438b7b7b_000a6249 11/28/2005 4:49 PM 7.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e90_438c4de1_000f0404 11/29/2005 7:47 AM 28.06 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e99_438a1f11_0007ada3 11/27/2005 4:03 PM 46 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000e99_438cbfe9_000293e3 11/29/2005 3:54 PM 4.69 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ea9_4389a484_0003ac1b 11/27/2005 7:20 AM 11.20 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ea9_438b821a_00043af0 11/28/2005 5:18 PM 1.58 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ea9_438c50c1_000b79b3 11/29/2005 7:59 AM 434 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ecc_43889361_0007e9fe 11/26/2005 11:54 AM 200.91 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ecc_438b7b7a_0003ca8e 11/28/2005 4:49 PM 877 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ecc_438c4c44_000702b9 11/29/2005 7:40 AM 4.90 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000edd_438a58b2_0002633c 11/27/2005 8:09 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ef5_438a2471_000a1a06 11/27/2005 4:26 PM 26 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ef5_438cd448_000bba53 11/29/2005 5:20 PM 883 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ef7_438a3897_000ea339 11/27/2005 6:22 PM 562 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f26_438a3910_000ba474 11/27/2005 5:54 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f3e_43888a64_00088ba6 11/26/2005 11:16 AM 46 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f3e_4388df36_000e23ae 11/26/2005 5:18 PM 369 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f3e_438b6f80_00007310 11/28/2005 3:58 PM 667 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f3e_438b9633_00056bd0 11/28/2005 6:43 PM 455 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f3e_438c49b8_000cdae6 11/29/2005 7:29 AM 2.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f55_438a4dfa_000d4d93 11/27/2005 7:23 PM 73.15 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000f77_438a3fb0_000c3bf4 11/27/2005 6:22 PM 3.03 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fbf_43888e7c_000a2e06 11/26/2005 11:34 AM 2.20 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fbf_4389a21b_0004f000 11/27/2005 7:10 AM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fbf_438b7334_000e8e56 11/28/2005 4:14 PM 2.31 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fbf_438c4b27_0003cdf9 11/29/2005 7:35 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fc9_4388912c_00019c9e 11/26/2005 11:45 AM 32 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fc9_4389a284_00089eb1 11/27/2005 7:11 AM 244.02 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fc9_438b7418_0008b768 11/28/2005 4:18 PM 876 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000fc9_438c4c18_000aef06 11/29/2005 7:39 AM 14.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ff4_438a24f9_0009ba69 11/27/2005 4:28 PM 351.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ff4_438a4a8a_00045ba6 11/27/2005 7:08 PM 7.23 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00000ff4_438cd533_0009dcbc 11/29/2005 5:24 PM 435 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001002_438a4e11_0006a05e 11/27/2005 7:23 PM 4.58 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001003_4389a5b4_0003c800 11/27/2005 7:25 AM 241 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001003_438cbd13_000bfdd9 11/29/2005 3:41 PM 82.88 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001030_438c8241_000a94a0 11/29/2005 11:30 AM 4.66 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001049_438b8150_000af25b 11/28/2005 5:14 PM 1.87 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001049_438c50a2_00030044 11/29/2005 7:59 AM 5.56 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001056_438a59d3_0009a793 11/27/2005 8:13 PM 1.12 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000105a_438a31c6_0006db59 11/27/2005 5:23 PM 1.57 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000105a_438cdb4b_0006172b 11/29/2005 5:50 PM 7.64 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001075_438a3533_000dbfdb 11/27/2005 5:37 PM 437 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000010bf_438a8ab1_000336b4 11/27/2005 11:42 PM 116.34 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000010d9_4389a4d3_00047dc4 11/27/2005 7:21 AM 169 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000010d9_438c8236_0003ebc3 11/29/2005 11:30 AM 4.61 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000010d9_438c823d_00015300 11/29/2005 11:30 AM 3.59 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000010df_438a61e0_00060ab3 11/27/2005 8:48 PM 168 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000010e4_438a62e0_00073c41 11/27/2005 8:52 PM 781 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000113e_438cbc4f_000d7ddc 11/29/2005 3:38 PM 401 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000113f_438a61c8_00009fe6 11/27/2005 8:47 PM 13.45 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001161_438a4fbe_0000c59e 11/27/2005 7:30 PM 122.26 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000116c_438a59e2_00025803 11/27/2005 8:14 PM 1.11 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001178_438a6a60_000c2348 11/27/2005 9:24 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000117a_4389a547_000eae34 11/27/2005 7:23 AM 36.05 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000117a_438cbc43_00068123 11/29/2005 3:38 PM 543 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011b8_438a2c88_000331ab 11/27/2005 5:00 PM 351.91 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011b8_438cd6c0_000858e8 11/29/2005 5:31 PM 162.93 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011d5_438a20fe_0003fe7b 11/27/2005 4:27 PM 1.42 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011d5_438ccb95_00028653 11/29/2005 4:43 PM 109.13 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011df_438a4e65_00017168 11/27/2005 7:25 PM 118.35 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011f4_4388925f_000e9f5c 11/26/2005 11:50 AM 236.46 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011f4_4389a295_0006daa8 11/27/2005 7:12 AM 52.64 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011f4_438b7b68_0000a52b 11/28/2005 4:49 PM 405 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\000011f4_438c4c33_0002f840 11/29/2005 7:40 AM 5.01 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001203_438a7911_000b7f30 11/27/2005 10:27 PM 227.49 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000121f_43888c7c_00042010 11/26/2005 11:25 AM 4.43 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000121f_438b71a6_0009c8ac 11/28/2005 4:07 PM 3.72 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000121f_438c4ad5_0009f2e6 11/29/2005 7:35 AM 37.18 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001238_43888a99_0003e743 11/26/2005 11:17 AM 5.47 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001238_4388df78_000ed356 11/26/2005 5:19 PM 170 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001238_4389a194_000ea77b 11/28/2005 6:43 PM 455 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001238_438b7030_00022d66 11/28/2005 6:43 PM 455 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001238_438b96d7_000d4da3 11/28/2005 6:46 PM 70.85 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001238_438c49d6_000a2709 11/29/2005 7:30 AM 837 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000123b_4389aba8_000ea6ec 11/27/2005 7:50 AM 4.54 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\0000123b_438cbd6d_000d3481 11/29/2005 3:43 PM 74.45 KB Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001243_438a21bb_00062910 11/27/2005 4:14 PM 122 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001243_438ccc4b_000e02e4 11/29/2005 4:46 PM 484 bytes Hidden from Windows API.
C:\Program Files\Theasoft\Cache\00001246_4389abe7_00057e1b 11/27/2005 7:51 AM 1.51 KB Hidden from Windows API.
C:\Program
  • 0

#7
SSmoked
Posted 29 November 2005 - 05:49 PM

SSmoked

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
As for all my startup items they are all disabled. It wouldint let me post all the results from the RootkitRevealer but they are all basically the same. Here are the Kaspersky scan results. Ouch.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 29, 2005 18:35:37
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/11/2005
Kaspersky Anti-Virus database records: 162215
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54557
Number of viruses found: 5
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 1506 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\ts4.1\download\Sysfiles\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\Documents and Settings\All Users\ts4.1\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
C:\Documents and Settings\Jon`\Desktop\[bleep]\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\Documents and Settings\Jon`\Desktop\[bleep]\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\Documents and Settings\Jon`\Desktop\[bleep]\tsinstall401.exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
C:\Documents and Settings\Jon`\Desktop\[bleep]\tsinstall401.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
C:\Documents and Settings\Jon`\Local Settings\Temp\ctoxt.exe Infected: Trojan.Win32.Crypt.t
C:\Program Files\the script 2003\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP1\A0000071.com Infected: Packed.Win32.CryptExe
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP1\A0000072.com Infected: Packed.Win32.CryptExe
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP1\A0000082.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000173.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000174.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000175.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000176.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000177.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000178.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{76E50293-621C-4622-B3BB-8DDE62E1F71F}\RP3\A0000196.dll Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\gcdelnet.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\tooole32.dll Infected: Trojan.Win32.Crypt.t

Scan process completed.

I guess im going to try cleaning/deleting all that. Again, thanks for the help. =)
  • 0

#8
SSmoked
Posted 29 November 2005 - 06:51 PM

SSmoked

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry about the startup programs thing. I enabled all and restarted. Then ran HijackThis. Here is the new log. Also, from the Kaspersky i did not have an option to delete anything.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:38 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\program files\mozilla firefox\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jon`\aim.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\mozilla firefox\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Jon`\aim.exe -cnetwait.odl
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jon`\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
  • 0

#9
Armodeluxe
Posted 30 November 2005 - 08:20 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Open HijackThis and click Scan. Put a check next to this, close all open windows except HijackThis and click Fix Checked:

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now locate and delete these files:

C:\Documents and Settings\Jon`\Local Settings\Temp\ctoxt.exe
C:\WINDOWS\system32\gcdelnet.exe
C:\WINDOWS\system32\tooole32.dll


Next, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0

#10
SSmoked
Posted 01 December 2005 - 03:52 PM

SSmoked

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry. I just re-formatted. Figured it would be more easy then trying to get rid of all that crap. Ive read alot on this site and im still not sure about a good protection to use with firefox and ie. There are 2 users for this computer so what would be the best protection from this happening again? Thanks again for your help.
  • 0

#11
Armodeluxe
Posted 02 December 2005 - 11:02 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Here is my template prevention speech:


Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP