Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java Won't Load & Memory Error When Exiting Ie See Hijackthis Log


  • Please log in to reply
7 replies to this topic

#1 mbar62

mbar62

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 25 August 2007 - 06:22 PM

I've followed the rules and ran AdAware, Spybot, AVG, Crap Cleaner and other programs, but Java Won't Load under any circumstances. I've tried deleting Java and downloading it manually several times, to no avail. I've also notice that whenever I try to load Java and then exit Internet Explorer, I get an error stating "the instruction at 0x0000000 referenced memory at 0x0000000 and could not be written. If I don't try to load Java, IE closes normally without the error message.

Here is my HIJACKTHIS Log. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:33 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WBT] "C:\Program Files\West Group\West BriefTools\aps.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: eEye Windows Animated Cursor Patch Checker.lnk = C:\Program Files\eEye Digital Security\Windows .ANI Zero-Day Patch\anipatchchecker.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.manateepao.com
O15 - Trusted Zone: http://*.neopets.com
O15 - Trusted Zone: http://www.ssd.noaa.gov
O15 - Trusted Zone: http://www.squiglysplayhouse.com
O15 - Trusted Zone: www.ssd.noaa
O15 - Trusted Zone: *.verizonwireless.com
O15 - Trusted Zone: *.wachovia.com
O15 - Trusted Zone: http://web2.westlaw.com
O15 - Trusted Zone: *.westlaw.com
O15 - Trusted Zone: http://www.wunderground.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159492663689
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O18 - Protocol: bw+0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw+0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw-0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw-0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw00 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw00s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw10 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw10s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw20 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw20s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw30 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw30s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw40 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw40s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw50 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw50s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw60 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw60s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw70 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw70s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw80 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw80s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw90 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw90s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwa0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwa0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwb0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwb0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwc0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwc0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwd0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwd0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwe0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwe0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwf0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwf0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwg0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwh0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwh0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwi0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwi0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwj0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwj0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwk0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwk0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwl0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwl0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwm0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwm0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwn0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwn0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwo0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwo0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwp0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwp0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwq0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwq0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwr0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwr0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bws0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bws0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwt0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwt0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwu0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwu0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwv0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwv0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bww0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bww0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwx0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwx0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwy0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwy0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwz0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwz0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: offline-8876480 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 18275 bytes

Edited by mbar62, 25 August 2007 - 06:23 PM.


BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:58 PM

Posted 26 August 2007 - 08:53 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum mbar62 :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O15 - Trusted Zone: http://www.manateepao.com
O15 - Trusted Zone: http://*.neopets.com
O15 - Trusted Zone: http://www.ssd.noaa.gov
O15 - Trusted Zone: http://www.squiglysplayhouse.com
O15 - Trusted Zone: www.ssd.noaa
O15 - Trusted Zone: *.verizonwireless.com
O15 - Trusted Zone: *.wachovia.com
O15 - Trusted Zone: http://web2.westlaw.com
O15 - Trusted Zone: *.westlaw.com
O15 - Trusted Zone: http://www.wunderground.com
O18 - Protocol: bw+0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw+0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw-0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw-0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw00 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw00s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw10 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw10s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw20 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw20s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw30 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw30s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw40 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw40s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw50 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw50s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw60 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw60s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw70 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw70s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw80 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw80s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw90 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bw90s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwa0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwa0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwb0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwb0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwc0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwc0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwd0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwd0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwe0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwe0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwf0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwf0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwg0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwh0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwh0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwi0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwi0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwj0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwj0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwk0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwk0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwl0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwl0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwm0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwm0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwn0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwn0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwo0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwo0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwp0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwp0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwq0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwq0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwr0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwr0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bws0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bws0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwt0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwt0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwu0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwu0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwv0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwv0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bww0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bww0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwx0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwx0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwy0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwy0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwz0 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: bwz0s - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)
O18 - Protocol: offline-8876480 - {7B6F2849-A868-4301-8DF6-D025DDA5E3CE} - (no file)

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 mbar62

mbar62
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 26 August 2007 - 04:29 PM

Richie:

Here is the Combo Fix Log and new HijackThis log below.

ComboFix 07-08-26.3 - "Owner" 2007-08-26 17:10:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.443 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\JULIAT~1\Desktop\internet explorer.lnk
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 17:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 17:26 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-08-25 17:26 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-08-25 17:26 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-08-25 17:26 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-25 17:26 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-25 17:26 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-21 16:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-21 14:11 <DIR> d-------- C:\Program Files\CCleaner
2007-08-21 14:10 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ICQ Toolbar
2007-08-21 14:08 <DIR> d-------- C:\Program Files\ICQToolbar
2007-08-21 14:03 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2007-08-21 13:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-07 18:52 <DIR> d-------- C:\Program Files\iPod
2007-08-07 18:51 <DIR> d-------- C:\Program Files\iTunes


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 19:47 0 --a--c--- C:\WINDOWS\system32\drivers\lvuvc.hs
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-08-24 17:03 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-08-24 17:03 55782 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-08-21 14:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 14:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-14 07:17 --------- d-------- C:\Program Files\Napster
2007-08-14 07:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-08-07 18:45 --------- d-------- C:\Program Files\Apple Software Update
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll
2007-07-23 18:53 --------- d-------- C:\DOCUME~1\JULIAT~1\APPLIC~1\Google
2007-07-23 08:02 879832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-23 08:02 108360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-20 10:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-19 13:20 --------- d--h----- C:\Program Files\Zero G Registry
2007-07-19 13:01 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SciTech
2007-07-18 08:50 --------- d-------- C:\Program Files\Citrix
2007-07-17 22:10 --------- d-------- C:\Program Files\West Group
2007-07-17 22:03 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\CNN
2007-07-17 10:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-07-17 09:56 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-17 09:56 --------- d-------- C:\Program Files\CA
2007-07-15 23:42 --------- d-------- C:\Program Files\Google
2007-07-15 20:33 --------- d-------- C:\Program Files\QuickTime
2007-07-15 20:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-14 15:12 --------- d-------- C:\DOCUME~1\JULIAT~1\APPLIC~1\WinPatrol
2007-07-14 13:43 --------- d-------- C:\Program Files\BillP Studios
2007-07-14 13:43 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\WinPatrol
2007-07-13 22:36 --------- d-------- C:\DOCUME~1\JULIAT~1\APPLIC~1\Apple Computer
2007-07-13 09:21 --------- dr-h----- C:\DOCUME~1\Owner\APPLIC~1\yahoo!
2007-07-13 09:19 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-07-13 06:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-13 06:41 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SayItSafe
2007-07-12 20:54 --------- d-------- C:\Program Files\iTunes(2)
2007-07-12 20:54 --------- d-------- C:\Program Files\iPod(2)
2007-07-12 20:53 --------- d-------- C:\Program Files\Kodak
2007-07-12 20:53 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
2007-07-03 15:40 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-07-03 07:38 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-12 12:32 75280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-05-31 13:47 256784 --a------ C:\WINDOWS\system32\UmxSbxw.dll
2007-05-31 13:47 117520 --a------ C:\WINDOWS\system32\UmxSbxExw.dll
2007-02-27 00:29 0 ---h-c--- C:\Program Files\AppUpdate.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32]
"nwiz"="nwiz.exe" [2005-09-18 11:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 20:07 C:\WINDOWS\system32\HdAShCut.exe]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 08:09]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" []
"NWEReboot"="" []
"WBT"="C:\Program Files\West Group\West BriefTools\aps.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-12 12:33]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-07-17 09:57]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-06-12 12:32]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-06-01 14:14]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-06-01 14:14]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-06-01 14:07]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 17:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 08:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 15:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 17:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"PrismXL"=2 (0x2)
"PPCtlPriv"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-23 14:03:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-16 11:58:46 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 6 58 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
2007-08-12 14:02:00 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 9 02 AM.job
2007-08-16 14:57:16 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 9 57 AM.job
2007-03-13 02:56:06 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 17:14:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 17:17:14
C:\ComboFix-quarantined-files.txt ... 2007-08-26 17:17

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:31 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WBT] "C:\Program Files\West Group\West BriefTools\aps.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: eEye Windows Animated Cursor Patch Checker.lnk = C:\Program Files\eEye Digital Security\Windows .ANI Zero-Day Patch\anipatchchecker.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159492663689
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 11369 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:58 PM

Posted 26 August 2007 - 06:37 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Your log is clean,hows your pc running now.
Posted Image
Posted Image

#5 mbar62

mbar62
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 27 August 2007 - 06:34 AM

It's running faster, but the Java problem continues as does the memory error whenever I exit IE after trying to load Java.

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:58 PM

Posted 27 August 2007 - 06:39 AM

Try uninstalling IE7 via Control Panel/Add or Remove Programs,then restart your pc.
Let me know what happens.
Posted Image
Posted Image

#7 mbar62

mbar62
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 27 August 2007 - 07:39 AM

It's now running IE 6 and does the same thing whenever Java loads.

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:58 PM

Posted 27 August 2007 - 08:25 AM

Try the following.
Disconnect from the internet.
Click on Start>Run,type msconfig then press Enter.
Under the 'Startup' tab uncheck EVERYTHING,then reboot.

Go to Control Panel/Security Center and turn on the Windows Firewall.
Reconnect to the internet,has that made any difference at all.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users