How can I verify that malware has been completely removed?


Hello,

Two days ago I picked up a drive-by infection; Avast started reporting that it was preventing access to suspicious webpages by process svchost.exe.

Autoruns showed me that the malware had dropped a "dxdiag.exe" file into my Startup folder. I could delete this but it always re-appeared after a few seconds.

I then ran a full system scan with Avast which flagged up some trojans in the Java cache. I deleted these but the problem did not go away.

I then used Autoruns again to try to find the process that was putting the malware back into the Startup folder. I couldn't see an obvious culprit so I tried using a restore point, hoping that it would clear out any registry additions made by the malware. This seems to have stopped the obvious problem of malware trying to access web sites with cryptic names; at least Avast has stopped showing an alert every few minutes.

Because I "cured" the problem without fully understanding it, I'm now worried that there might be something left. I don't feel that I can trust Avast as it failed to prevent this particular infection and also failed to find the dropped malware. So far I have downloaded the free version of Malwarebytes and run the quick scan. This showed no problems.

I would be very grateful if you could suggest a further course of action to verify that the system is really clean. I'm particularly worried about rootkits and backdoors.

Best regards

Charles

I forgot to attach the DDS logs; it's past my usual bedtime.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by John at 23:39:34 on 2011-12-21

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4087.2347 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit=userinit.exe

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [AdobeBridge]

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\RESMON~1.LNK - C:\Windows\SysWOW64\resmon.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - {92F2BF89-AEA4-4A97-993E-9128C11F400D} - C:\PROGRA~2\IEINSP~1\HTTPAN~2\IEHTTP~1.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8382C10E-784C-404F-99B8-85189AD0B8E1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8382C10E-784C-404F-99B8-85189AD0B8E1}\35F6F647974577F6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E9879D1F-6E88-4940-A6DF-161B1D5B5600} : DhcpNameServer = 192.168.1.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Hosts: 0.0.0.0 sams.nikonimaging.com # Nikon Capture NX2

Hosts: 78.140.176.186 filesonic.com www.filesonic.com

Hosts: 78.140.181.198 wupload.co.uk www.wupload.co.uk

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pgq5i4rs.default\

FF - prefs.js: browser.startup.homepage - hxxp://jrd.uni.cc/

FF - prefs.js: network.proxy.http - 195.244.235.212

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox\Components\nphaplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-12 44768]

R2 HttpAnalyzerV6 DllInjectService;HttpAnalyzerV6 CodeHook service;C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe [2011-10-29 467264]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2009-12-26 65536]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2010-4-10 614912]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 cmudaxp;ASUS Xonar D2X Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]

S3 athrusb;Netgear WG111T modded device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-5-15 14216]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2009-12-14 25640]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-5-15 8456]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-12-14 30528]

S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]

S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]

S3 phc710;USB PC Camera (SPC710NC);C:\Windows\system32\DRIVERS\phc710.sys --> C:\Windows\system32\DRIVERS\phc710.sys [?]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]

S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VisualSVNServer;VisualSVN Server;C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-7-13 23840]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2009-8-13 262416]

S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WG111Tvx.sys --> C:\Windows\system32\DRIVERS\WG111Tvx.sys [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]

.

=============== Created Last 30 ================

.

2011-12-21 22:43:37 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes

2011-12-21 22:43:15 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-21 22:43:12 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-21 22:43:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-21 22:22:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{796BB003-C7D3-43D5-A7D2-30E0D46A2653}\offreg.dll

2011-12-21 22:22:53 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{796BB003-C7D3-43D5-A7D2-30E0D46A2653}\mpengine.dll

2011-12-16 10:10:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-16 10:10:48 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-16 10:10:40 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-16 10:10:38 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-16 10:10:38 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-16 10:10:37 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-12 14:31:43 21126 ------w- C:\Windows\SysWow64\Anc32.vxd

2011-12-12 14:31:43 136192 ------w- C:\Windows\SysWow64\QMixer.dll

2011-12-12 14:31:39 -------- d-----w- C:\Codemasters

2011-12-06 12:41:07 -------- d-----w- C:\Race 07

2011-12-05 13:03:25 -------- d-----w- C:\Program Files (x86)\Codemasters

2011-12-05 13:02:40 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2011-12-04 14:00:34 -------- d-----w- C:\Program Files (x86)\Infogrames

2011-12-04 10:49:38 -------- d-----w- C:\Program Files\Microprose

2011-12-03 18:08:32 -------- d-----w- C:\Users\John\AppData\Local\Logitech

2011-12-03 17:57:09 -------- d-----w- C:\Program Files\Common Files\Logitech

2011-12-01 15:28:17 -------- d-----w- C:\SymCache

2011-12-01 15:23:16 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit

2011-12-01 13:29:42 523 ----a-w- C:\Windows\System32\ClearStartup.bat

2011-12-01 13:17:17 523 ----a-w- C:\Users\John\ClearStartup.bat

2011-11-28 13:33:29 -------- d-----w- C:\Users\John\AppData\Local\SoftHardware

2011-11-28 13:33:07 -------- d-----w- C:\Program Files (x86)\TweakPrefetch

.

==================== Find3M ====================

.

2011-12-13 11:35:17 25640 ----a-w- C:\Windows\etdrv.sys

2011-12-13 11:35:02 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-12-13 11:35:02 25640 ----a-w- C:\Windows\gdrv.sys

2011-12-03 00:10:33 2516 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr

2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-11-22 19:40:52 1900 ----a-w- C:\Windows\System32\ud-boot-time.cmd

2011-11-22 19:02:29 1534 ----a-w- C:\Windows\SysWow64\ud-boot-time.cmd

2011-11-21 14:20:55 1352 ----a-w- C:\Windows\SysWow64\boot-on.cmd

2011-11-18 15:10:11 483 ----a-w- C:\Windows\SysWow64\boot-off.cmd

2011-11-16 15:06:45 59 ----a-w- C:\Windows\wpd99.drv

2011-11-15 14:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-06 10:36:06 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-11-01 18:20:50 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-11-01 18:20:50 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-11-01 18:20:50 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-11-01 18:20:50 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-10-29 07:35:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll

2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll

2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe

2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll

2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-10-24 09:30:24 364544 ------w- C:\Windows\Setup1.exe

2011-10-24 09:30:23 73216 ----a-w- C:\Windows\ST6UNST.EXE

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-28 17:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-09-28 17:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

.

============= FINISH: 23:40:00.43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 13/12/2009 20:48:10

System Uptime: 21/12/2011 21:42:44 (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD4

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | Socket 1156 | 2661/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 234 GiB total, 82.385 GiB free.

D: is FIXED (NTFS) - 231 GiB total, 67.809 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP582: 14/12/2011 00:22:33 - Scheduled Checkpoint

RP583: 16/12/2011 10:10:57 - Windows Update

RP584: 16/12/2011 11:05:46 - Windows Update

RP585: 16/12/2011 11:33:15 - Windows Update

RP586: 20/12/2011 09:06:54 - Windows Update

RP587: 21/12/2011 22:22:42 - Windows Update

.

==== Installed Programs ======================

.

50 FREE MP3s +1 Free Audiobook!

Active Backup Expert

ActivePerl 5.10.1 Build 1006

Adobe AIR

Adobe Community Help

Adobe Dreamweaver CS5

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Adobe Widget Browser

Advanced Disk Catalog

Akamai NetSession Interface

Apple Application Support

Apple Software Update

aTube Catcher

Auto Gordian Knot 2.55

Autostar Updater

avast! Free Antivirus

AviSynth 2.5

BenVista PhotoZoom Pro 3.1

Beyond Compare Version 2.4.3

BlindWrite 6

BufferChm

C4400

Camera Control Pro 2

Capture NX 2

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help English

CDBurnerXP

Chinese Traditional Fonts Support For Adobe Reader 9

CloneCD

Colin McRae Rally

Combat Wings - Battle of Britain (1.0)

Combat Wings (1.0)

Compatibility Pack for the 2007 Office system

Content Transfer

Copy

Corel WinDVD 2010

Cygnus Hex Editor FREE EDITION 1.00

Destinations

DeviceDiscovery

Diagnostic Utility

DiRT 2

DiRT2

DMIView B8.0717.01

DocProc

DVD Decrypter (Remove Only)

DVD Identifier

DVD Shrink 3.2

DxO Optics Pro 6

EASEUS Partition Master 8.0.1 Home Edition

Easy Tune 6 B11.0823.1

Enterprise Architect 7.5

Eusing Free Registry Defrag

Exact Audio Copy 0.99pb5

FastPictureViewer WIC Codec Pack 1.70

FileZilla Client 3.5.1

FLAC 1.2.1b (remove only)

Flash Renamer 6.04

Focus Magic 3.02

foobar2000 v1.0.1

Forté Agent

Gigabyte Raid Cinfigurer

GMX-PhotoPainter 1.0.0.0636

GoldWave v5.56

GPBaseService2

Grand Prix 3

Grand Prix 3 Patch

Grand Prix 4

Honda ESM

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

HTTP Analyzer V6.5.2

ImgBurn

IrfanView (remove only)

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java 6 Update 24

LucisArt 3 ED/SE

Machinehead LevelCalc (32 bit)

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

Memory-Map OS Edition Version 5

MessageViewer Pro 3.1.5

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - VWD Express 2010 Tools

Microsoft Expression Media 2 SP2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Pro Photo Tools

Microsoft Reader

Microsoft Report Viewer Redistributable 2008 (KB971119)

Microsoft Report Viewer Redistributable 2008 SP1

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Policies

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Web Developer 2010 Express - ENU

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 8.0 (x86 en-GB)

Mp3tag v2.46a

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8 Lite

Nikon Message Center

Nikon Message Center 2

Nikon Movie Editor

NSIS SmartTagFix

NuGet

OpenAL

PDF Settings CS5

Pdf995

Pegasus Mail

PhotoME

Picture Control Utility

PL-2303 USB-to-Serial

PowerISO

PS_AIO_03_C4400_Software_Min

PTGui Pro 8.2.1

QuickPar 0.9

QuickTime

Race Driver 3

Rapture3D 2.3.26 Game

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

SBK09

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

SmartBackup V3.6.4

SmartWebPrinting

Software Update Wizard (Redist) 4.5

SolutionCenter

Starry Night Pro Plus 6

Status

Steam

Streamripper (Remove only)

Superbike 2000

System Requirements Lab

TextPad 4.7

Thredgeholder Plugin v 1.0

ThumbsPlus

ThumbsPlus Digicam Plug-in

ThumbsPlus Texture Plug-ins Version 1.2

ThumbsPlus version 7 SP2

TMPGEnc Authoring Works 4

Toolbox

Topaz Adjust 4

Topaz Clean 3

Topaz ReMask 2

Topaz ReMask 2 (64-bit)

TrayApp

TreeSize Professional 5.1.2

Ultra Defragmenter

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

ViewNX 2

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VisualSVN Server 2.1.3

VLC media player 0.9.9

VobSub v2.23 (Remove Only)

WCF RIA Services V1.0 SP1

WebM Project Directshow Filters

WebReg

Winamp

Winamp Detector Plug-in

WinPcap 4.1.2

WinRAR archiver

XML Notepad 2007

XviD MPEG4 Video Codec (remove only)

.

==== Event Viewer Messages From Past Week ========

.

21/12/2011 21:39:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

21/12/2011 21:39:20, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

21/12/2011 21:39:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

21/12/2011 21:39:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

21/12/2011 21:39:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

21/12/2011 21:39:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

21/12/2011 21:38:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

21/12/2011 21:38:51, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

**** This error occurred at approximately the time I first noticed a problem. ****

20/12/2011 23:51:24, Error: Service Control Manager [7031] - The Application Host Helper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

16/12/2011 18:59:44, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.

14/12/2011 00:21:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

.

==== End Of File ===========================


  • 1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Hello,

Thank you for replying. Sorry that I've taken so long to get back to you. I haven't been checking for a reply every day.

I'm hoping that I've already removed the malware but I would be very grateful if you could give a second opinion. I'm a competent PC user and software developer, but don't know much about malware.

I'm concerned that there might be something left because Windows start-up is slow. Windows itself is flagging slow start-up errors in the event log. This might be normal Windows 7 behaviour but it might also be a sign of something more serious.

Below is a new log made with Avast disabled and the router switched off. The following items may appear suspicious to you but are actually OK:

C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe - I use it for web development.

C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe - A utility for creating Windows 7 firewall rules.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by John at 9:27:49 on 2012-02-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4087.2894 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://uk.ask.com/?l=dis&o=14676

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [AdobeBridge]

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\RESMON~1.LNK - C:\Windows\SysWOW64\resmon.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

IE: {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - {92F2BF89-AEA4-4A97-993E-9128C11F400D} - C:\PROGRA~2\IEINSP~1\HTTPAN~2\IEHTTP~1.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D328CD9E-AC27-4428-8F27-171A2B6537DE} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E9879D1F-6E88-4940-A6DF-161B1D5B5600} : DhcpNameServer = 192.168.1.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\pgq5i4rs.default\

FF - prefs.js: browser.startup.homepage - hxxp://forums.malwarebytes.org/index.php?showtopic=102703&st=0&gopid=507789entry507789

FF - prefs.js: network.proxy.http - 195.244.235.212

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox\Components\nphaplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-12 44768]

R2 HttpAnalyzerV6 DllInjectService;HttpAnalyzerV6 CodeHook service;C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe [2011-10-29 467264]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2009-12-26 65536]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2010-4-10 614912]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 cmudaxp;ASUS Xonar D2X Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]

S3 athrusb;Netgear WG111T modded device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-5-15 14216]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2009-12-14 25640]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-5-15 8456]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-12-14 30528]

S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]

S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]

S3 phc710;USB PC Camera (SPC710NC);C:\Windows\system32\DRIVERS\phc710.sys --> C:\Windows\system32\DRIVERS\phc710.sys [?]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]

S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VisualSVNServer;VisualSVN Server;C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-7-13 23840]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2009-8-13 262416]

S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WG111Tvx.sys --> C:\Windows\system32\DRIVERS\WG111Tvx.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]

.

=============== Created Last 30 ================

.

2012-02-08 14:48:16 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1BD417A-BDA2-493C-A364-A1E7F231C75A}\mpengine.dll

2012-01-26 00:21:55 -------- d---a-w- C:\Patrick O'Brian - The Thirteen Gun Salute AM13

2012-01-25 15:49:19 -------- d-----w- C:\Users\John\AppData\Roaming\Phase One Media Pro

2012-01-25 15:48:16 -------- d-----w- C:\Program Files (x86)\Phase One

2012-01-23 14:32:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-14 13:59:33 -------- d-----w- C:\WRC mix files

2012-01-12 12:29:12 -------- dc-h--w- C:\ProgramData\{3040C529-3408-4523-BA39-B03DF632C050}

.

==================== Find3M ====================

.

2012-01-27 00:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-23 14:15:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-12 21:45:21 2568 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-12-13 11:35:17 25640 ----a-w- C:\Windows\etdrv.sys

2011-12-13 11:35:02 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-12-13 11:35:02 25640 ----a-w- C:\Windows\gdrv.sys

2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-01 13:33:33 523 ----a-w- C:\Windows\System32\ClearStartup.bat

2011-12-01 13:33:33 523 ----a-w- C:\Users\John\ClearStartup.bat

2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr

2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-22 19:40:52 1900 ----a-w- C:\Windows\System32\ud-boot-time.cmd

2011-11-22 19:02:29 1534 ----a-w- C:\Windows\SysWow64\ud-boot-time.cmd

2011-11-21 14:20:55 1352 ----a-w- C:\Windows\SysWow64\boot-on.cmd

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-18 15:10:11 483 ----a-w- C:\Windows\SysWow64\boot-off.cmd

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-11-16 15:06:45 59 ----a-w- C:\Windows\wpd99.drv

.

============= FINISH: 9:28:25.78 ===============


Have you run MBAM Update to ensure it is up-to-date & then run a Quick scan? Did it find any malware?

Have you done the same with Avast?

Unless a malware is found, a slow system may well be due to other issues:

Here are some recommended articles:

What to do if your Computer is running slowly

http://www.malwarere...nningslowly.php

See Quietman7's Slow Computer/browser? Check Here First

http://www.bleepingc...topic87058.html

See Miekiemoes' Help! My computer is slow!

http://users.telenet...owcomputer.html

See Jim Eshelman's Computer Health

http://aumha.org/a/health.htm

Slow Computer/Browser: Check here first!

http://www.bleepingc...topic44694.html


Hello,

Thanks for looking at the DDS log.

I ran a MBAM quick scan and an Avast full scan before my original post to this forum. Neither flagged up a serious problem.

I've just updated MBAM and run another quick scan again and it still shows nothing. I also ran an Avast quick scan. This flagged up some PUPs, all of which turned out to be Nirsoft utilities. It reported the malware type as Win32:PSWtool. I'm not worried about these because I believe that they come from a reliable source.

I read a few days ago that rootkits are mainly a problem with 32 bit versions of Windows and that 64 bit Windows is relatively immune. Is this correct? I have Windows 7 Professional, 64 bit.

Thanks for the links. I'll work my way through them over the next few days.

Thanks again for your time. It is appreciated.

Best regards

Charles


Hello Maurice,

I've been working through the links that you gave me. They include quite a few things that I hadn't already tried but I'd already done the major things like checking start-up apps and services and optimising the hard disks. I might have made start-up a bit quicker in the last few days, but not by much. I need to start a reasonable number of apps and services at start-up for my normal work, and I probably have to accept that this is going to take some time.

You didn't actually say what you thought about the logs that I posted. I assume that means that you didn't see anything to be worried about.

If that's the case then I won't take up any more of your time. Thank you very much for your help. It is much appreciated.

Regards

Charles
