Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • Please log in to reply
3 replies to this topic

#1 bananado

bananado

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 08 August 2007 - 07:56 PM

Hi hi,

Have pop up problems with IE. Can't get rid of it with any program. Please help. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:17 AM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\notes\ntmulti.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\bernard.ho\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Florentis XP SP2 Patch for Prudential] C:\Program Files\PrudentialWay\esignature\fl_ie.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\Dupe rdr.exe
O4 - HKLM\..\Run: [surf global bold tick] C:\Documents and Settings\All Users\Application Data\glue chic tick file\Idle ping grim.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LoadJoy] C:\DOCUME~1\bernard.ho\APPLIC~1\CASTAN~1\Software Army.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?022aa3757e414e52ac797f6d2347912f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?022aa3757e414e52ac797f6d2347912f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\notes\ntmulti.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 09 August 2007 - 05:36 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum bananado :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
----------------------------------------------------------
Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log,(logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply,along with a new Hijack This log.
Posted Image
Posted Image

#3 bananado

bananado
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 11 August 2007 - 06:05 AM

Hi Richie,

Thanks for your help. :) Here are the logs

ComboFix log:

ComboFix 07-08-11 - "bernard.ho" 2007-08-11 18:37:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.628 [GMT 8:00]


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 18:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 09:34 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-05 08:16 <DIR> d-------- C:\3d6706f2c475d2055ca1d2afa763
2007-08-05 06:01 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-04 12:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\glue chic tick file
2007-08-04 12:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\file cash army online
2007-08-04 12:09 <DIR> d-------- C:\Program Files\CAST ANTI COMP
2007-07-30 08:52 879,832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-30 08:52 108,360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-16 08:49 <DIR> d-------- C:\Program Files\AutoUnpack
2007-07-16 08:29 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-16 08:28 <DIR> d-------- C:\Program Files\Mental9Production
2007-07-14 05:06 <DIR> d-------- C:\Program Files\uTorrent


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2016-01-12 06:02 28160 --a------ C:\WINDOWS\system32\PortmonHelper.exe
2007-08-11 18:12 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\U3
2007-08-11 16:06 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\uTorrent
2007-08-04 12:15 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\CAST ANTI COMP
2007-07-16 08:40 --------- d-------- C:\Program Files\Trillian
2007-07-12 06:53 --------- d-------- C:\Program Files\PrudentialWay
2007-07-11 22:05 --------- d-------- C:\Program Files\DivX
2007-07-03 03:41 524288 --a------ C:\WINDOWS\system32\DivXsm

#4 bananado

bananado
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 11 August 2007 - 07:43 AM

Hi Richie,

Thanks for your help. :thumbsup: Here are the logs

ComboFix log:

ComboFix 07-08-11 - "bernard.ho" 2007-08-11 18:37:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.628 [GMT 8:00]


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 18:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 09:34 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-05 08:16 <DIR> d-------- C:\3d6706f2c475d2055ca1d2afa763
2007-08-05 06:01 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-04 12:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\glue chic tick file
2007-08-04 12:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\file cash army online
2007-08-04 12:09 <DIR> d-------- C:\Program Files\CAST ANTI COMP
2007-07-30 08:52 879,832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-30 08:52 108,360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-16 08:49 <DIR> d-------- C:\Program Files\AutoUnpack
2007-07-16 08:29 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-16 08:28 <DIR> d-------- C:\Program Files\Mental9Production
2007-07-14 05:06 <DIR> d-------- C:\Program Files\uTorrent


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2016-01-12 06:02 28160 --a------ C:\WINDOWS\system32\PortmonHelper.exe
2007-08-11 18:12 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\U3
2007-08-11 16:06 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\uTorrent
2007-08-04 12:15 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\CAST ANTI COMP
2007-07-16 08:40 --------- d-------- C:\Program Files\Trillian
2007-07-12 06:53 --------- d-------- C:\Program Files\PrudentialWay
2007-07-11 22:05 --------- d-------- C:\Program Files\DivX
2007-07-03 03:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-03 03:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-03 03:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-03 03:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-03 03:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-03 03:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-03 03:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-03 03:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-03 03:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-03 03:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-03 03:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-03 03:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-03 03:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-03 03:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-03 03:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-03 03:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-03 03:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-03 03:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-23 14:38 --------- d-------- C:\Program Files\FLV Player
2007-06-21 13:58 --------- d-------- C:\Program Files\hott notes 4
2007-06-21 13:58 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\hott notes 4
2007-06-18 13:04 641021 --a------ C:\WINDOWS\unins000.exe
2007-06-18 13:04 --------- d-------- C:\Program Files\XviD
2007-06-18 12:42 --------- d-------- C:\DOCUME~1\bernard.ho\APPLIC~1\dvdcss
2007-06-18 08:46 --------- d-------- C:\Program Files\MDIviewer
2007-05-16 23:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 23:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 23:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 23:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 23:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 23:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 02:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 02:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 02:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 02:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-05 08:41]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 13:40]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-19 06:26]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-03 09:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-24 06:44]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 08:08]
"Florentis XP SP2 Patch for Prudential"="C:\Program Files\PrudentialWay\esignature\fl_ie.exe" [2007-02-28 11:40]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 11:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Army Online Move Tick"="C:\Documents and Settings\All Users\Application Data\file cash army online\Dupe rdr.exe" [2007-08-11 17:34]
"surf global bold tick"="C:\Documents and Settings\All Users\Application Data\glue chic tick file\Idle ping grim.exe" [2007-08-10 23:09]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]
"LoadJoy"="C:\DOCUME~1\bernard.ho\APPLIC~1\CASTAN~1\Software Army.exe" [2007-08-04 12:09]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 18:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camc6aud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys
S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINDOWS\system32\DRIVERS\mxopswd.sys
S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dc4b0a0-f1a9-11db-92d8-00c09ff6ded8}]
AutoRun\command- F:\PCConnect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3d6caf8-f453-11db-92dc-00c09ff6ded8}]
AutoRun\command- PCConnect.exe


Contents of the 'Scheduled Tasks' folder
2007-08-11 10:00:01 C:\WINDOWS\Tasks\A5C31A1F918C8E57.job - c:\docume~1\bernard.ho\applic~1\castan~1\Clockatompile.exe
2007-08-11 10:21:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-11 10:38:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-11 10:39:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 18:39:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?1?8?4??????? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 18:40:44

--- E O F ---


Deljob Log:

--------------------------------------------------------
File(s) moved to C:\deljob

A5C31A1F918C8E57.job
--------------------------------------------------------
Files remaining after cleaning

Check Updates for Windows Live Toolbar.job
MP Scheduled Scan.job
Symantec NetDetect.job
--------------------------------------------------------
App data folders

Volume in drive C is WinXP
Volume Serial Number is 4FAE-35F8

Directory of C:\Documents and Settings\bernard.ho\Application Data

2007-06-21 13:58 <DIR> .
2007-06-21 13:58 <DIR> ..
2007-05-16 10:07 <DIR> Adobe
2007-05-05 09:19 <DIR> AdobeUM
2005-05-05 08:41 <DIR> APPLEC~1 Apple Computer
2007-04-23 16:57 <DIR> Brother
2007-08-04 12:15 <DIR> CASTAN~1 CAST ANTI COMP
2007-06-01 14:29 <DIR> Creative
2007-04-23 23:11 <DIR> DivX
2007-06-18 12:42 <DIR> dvdcss
2007-05-20 07:40 <DIR> Google
2007-04-23 22:48 <DIR> GTek
2007-05-20 08:18 <DIR> Help
2007-06-21 13:58 <DIR> HOTTNO~1 hott notes 4
2005-05-05 22:35 <DIR> IDENTI~1 Identities
2007-04-26 22:48 <DIR> INTERV~1 InterVideo
2007-05-24 06:55 <DIR> Lavasoft
2005-12-07 11:52 <DIR> MACROM~1 Macromedia
2007-06-15 16:29 <DIR> MICROS~1 Microsoft
2007-04-24 08:35 <DIR> Mozilla
2007-05-20 07:26 <DIR> Opera
2007-04-24 06:52 <DIR> Real
2007-04-23 16:51 <DIR> Sun
2005-05-05 08:51 <DIR> Symantec
2007-08-11 18:12 <DIR> U3
2007-08-11 16:06 <DIR> uTorrent
2007-04-23 23:11 <DIR> vlc
0 File(s) 0 bytes
27 Dir(s) 3,773,997,056 bytes free
Volume in drive C is WinXP
Volume Serial Number is 4FAE-35F8

Directory of C:\Documents and Settings\All Users\Application Data

2007-08-04 12:13 <DIR> .
2007-08-04 12:13 <DIR> ..
2007-06-29 07:06 <DIR> Adobe
2005-05-05 08:40 <DIR> APPLEC~1 Apple Computer
2007-04-23 17:17 <DIR> CA
2007-08-04 12:11 <DIR> FILECA~1 file cash army online
2007-08-04 12:13 <DIR> GLUECH~1 glue chic tick file
2007-05-24 06:29 <DIR> Google
2007-04-23 22:48 <DIR> GTek
2005-12-03 22:26 <DIR> hpqwmi
2005-05-05 08:33 <DIR> INSTAL~1 InstallShield
2007-06-05 20:10 <DIR> Maxtor
2007-08-05 06:01 <DIR> MICROS~1 Microsoft
2005-05-05 08:49 <DIR> MUVEET~1 muvee Technologies
2005-12-07 11:33 <DIR> QUICKT~1 QuickTime
2007-08-04 12:09 <DIR> REGSRO~1 Regsroamlogoskip
2005-12-04 07:27 <DIR> SANDLO~1 Sandlot Games
2005-05-05 22:35 <DIR> SBSI
2007-04-23 17:31 <DIR> Symantec
2007-05-27 20:43 <DIR> WINDOW~2 Windows Genuine Advantage
2007-04-27 12:09 <DIR> WINDOW~1 Windows Live Toolbar
0 File(s) 0 bytes
21 Dir(s) 3,773,997,056 bytes free
--------------------------------------------------------

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:52, on 2007-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\notes\ntmulti.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
D:\My Documents\DownProg\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Florentis XP SP2 Patch for Prudential] C:\Program Files\PrudentialWay\esignature\fl_ie.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\Dupe rdr.exe
O4 - HKLM\..\Run: [surf global bold tick] C:\Documents and Settings\All Users\Application Data\glue chic tick file\Idle ping grim.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LoadJoy] C:\DOCUME~1\bernard.ho\APPLIC~1\CASTAN~1\Software Army.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?022aa3757e414e52ac797f6d2347912f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?022aa3757e414e52ac797f6d2347912f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\notes\ntmulti.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users