Annoying Infection


On a fairly new Win7Pro build....your help is appreciated.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by DNA9 at 9:37:40 on 2013-08-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8160.6544 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Users\DNA9\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:49158;https=127.0.0.1:49158
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\CoIEPlg.dll
uRun: [browserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
StartupFolder: C:\Users\DNA9\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DNA9\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8C33FA9C-699C-405A-96E0-872A23E1131F} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\SymDS64.sys [2013-7-4 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\SymEFA64.sys [2013-7-4 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccSetx64.sys [2013-7-4 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130802.001\IDSviA64.sys [2013-8-3 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\Ironx64.sys [2013-7-4 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-4 433752]
R2 MBAMScheduler;MBAMScheduler;F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-18 418376]
R2 MBAMService;MBAMService;F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-18 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-7-4 144368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-6 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-18 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-4 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-4 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-4 1255736]
.
=============== Created Last 30 ================
.
2013-08-03 14:31:02 -------- d-----w- C:\Malware
2013-08-03 14:02:22 -------- d-----w- C:\Users\DNA9\AppData\Local\NPE
2013-08-02 18:18:02 -------- d-----w- C:\ProgramData\PCFixSpeed
2013-08-02 18:13:08 -------- d-----w- C:\Users\DNA9\AppData\Roaming\DefaultTab
2013-08-02 18:13:01 -------- d-----w- C:\Users\DNA9\AppData\Roaming\PCFixSpeed
2013-08-02 18:13:01 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
2013-08-02 18:12:39 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
2013-07-31 01:25:29 -------- d-----w- C:\Users\DNA9\AppData\Roaming\SketchUp
2013-07-31 01:23:45 -------- d-----w- C:\ProgramData\SketchUp
2013-07-18 13:23:10 -------- d-----w- C:\Users\DNA9\AppData\Roaming\Malwarebytes
2013-07-18 13:22:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-18 13:22:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-18 13:22:35 -------- d-----w- C:\Users\DNA9\AppData\Local\Programs
2013-07-11 19:43:41 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-07-11 19:43:20 -------- d-----w- C:\Program Files (x86)\WebCake
2013-07-08 14:54:00 -------- d-----w- C:\Users\DNA9\AppData\Roaming\NVIDIA
2013-07-08 14:50:18 -------- d-----w- C:\Users\DNA9\AppData\Roaming\.minecraft
2013-07-06 19:19:38 -------- d-----w- C:\Users\DNA9\AppData\Local\Google
2013-07-06 19:11:18 -------- d-----w- C:\Users\DNA9\AppData\Roaming\AVS4YOU
2013-07-06 19:11:18 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2013-07-06 19:10:41 -------- d-----w- C:\ProgramData\AVS4YOU
2013-07-06 19:10:38 1005928 ----a-w- C:\Windows\SysWow64\libeay32.dll
2013-07-06 19:10:30 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2013-07-06 19:10:30 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2013-07-06 19:10:30 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2013-07-06 19:10:30 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-07-06 19:10:30 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-07-06 19:10:28 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2013-07-06 19:09:25 -------- d-----w- C:\ProgramData\Citrix
2013-07-06 19:09:22 -------- d-----w- C:\Users\DNA9\AppData\Roaming\ICAClient
2013-07-06 19:09:22 -------- d-----w- C:\Users\DNA9\AppData\Local\Citrix
2013-07-06 19:09:21 -------- d-----w- C:\Program Files (x86)\Citrix
2013-07-06 19:04:14 -------- d-----w- C:\Users\DNA9\AppData\Roaming\EditPlus 3
2013-07-06 19:04:14 -------- d-----w- C:\Program Files (x86)\EditPlus 3
2013-07-06 18:31:15 -------- d-----w- C:\Windows\en
2013-07-05 15:21:11 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-05 00:41:16 -------- d-----w- C:\Users\DNA9\AppData\Local\Diagnostics
2013-07-05 00:40:05 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-05 00:40:05 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-07-05 00:40:03 796760 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
2013-07-05 00:40:03 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\SymDS64.sys
2013-07-05 00:40:03 433752 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
2013-07-05 00:40:03 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
2013-07-05 00:40:03 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\SymELAM.sys
2013-07-05 00:40:03 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\Ironx64.sys
2013-07-05 00:40:03 169048 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\ccSetx64.sys
2013-07-05 00:40:03 1139800 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\SymEFA64.sys
2013-07-05 00:39:58 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
2013-07-05 00:39:58 -------- d-----w- C:\Windows\System32\drivers\N360x64
2013-07-05 00:39:57 -------- d-----w- C:\Program Files (x86)\Norton 360
2013-07-05 00:39:43 -------- d-----w- C:\ProgramData\NortonInstaller
2013-07-05 00:39:43 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-07-05 00:36:52 -------- d-----w- C:\ProgramData\Norton
2013-07-05 00:23:04 -------- d-----w- C:\Users\DNA9\AppData\Roaming\Dropbox
2013-07-05 00:03:00 -------- d-----r- C:\Users\DNA9\AppData\Roaming\Brother
2013-07-04 23:16:37 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-07-04 23:16:37 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-07-04 23:16:37 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-07-04 23:16:37 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-07-04 23:12:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-07-04 23:12:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-07-04 23:12:20 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-07-04 23:12:20 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-07-04 23:12:20 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-07-04 23:12:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-07-04 23:12:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-07-04 23:10:26 -------- d-----w- C:\ProgramData\Brother
2013-07-04 21:17:48 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-07-04 21:17:47 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-07-04 21:17:47 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-07-04 21:17:47 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-07-04 21:17:47 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-07-04 21:17:47 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-07-04 21:17:47 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-07-04 21:17:47 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-07-04 21:17:47 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-07-04 21:17:47 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-07-04 21:16:56 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-07-04 21:16:56 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-07-04 21:09:44 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-07-04 21:09:44 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-07-04 21:06:56 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2013-07-04 20:49:38 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-07-04 20:49:32 -------- d-----w- C:\Windows\PCHEALTH
2013-07-04 20:49:32 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-04 20:47:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-07-04 20:47:18 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-04 20:47:02 -------- d-----w- C:\Users\DNA9\AppData\Local\Microsoft Help
2013-07-04 20:45:13 -------- d-----w- C:\Users\DNA9\AppData\Local\NVIDIA
2013-07-04 19:17:47 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-07-04 19:17:46 56600 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-07-04 19:17:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-07-04 19:17:29 -------- d-----w- C:\Intel
2013-07-04 19:12:33 -------- d-----w- C:\Windows\Panther
2013-07-04 19:10:10 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2013-07-04 19:09:57 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-07-04 18:59:03 805088 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-07-04 18:59:03 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-07-04 18:40:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-04 18:40:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-04 18:40:09 -------- d-----w- C:\Users\DNA9\AppData\Local\Adobe
2013-07-04 18:14:56 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-07-04 18:05:39 11832 ----a-w- C:\Windows\acpimof.dll
2013-07-04 17:52:22 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-04 17:52:20 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D251357-A71E-4F18-9665-4DA3CB3A55A0}\mpengine.dll
2013-07-04 17:48:14 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-07-04 17:48:14 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-07-04 17:48:14 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-07-04 17:48:14 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-07-04 17:48:14 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-07-04 17:48:14 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-07-04 17:47:16 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-07-04 17:47:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-07-04 17:47:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-07-04 17:47:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-07-04 17:47:16 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-07-04 17:46:52 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-04 17:46:52 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-04 17:46:52 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-04 17:46:52 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-04 17:46:52 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-07-04 17:46:52 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-07-04 17:46:52 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-04 17:46:45 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-07-04 17:46:45 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-07-04 17:46:43 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-07-04 17:46:42 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-07-04 17:46:42 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-07-04 17:44:50 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-04 17:44:50 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-04 17:44:49 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 17:44:43 -------- d-sh--w- C:\Windows\Installer
2013-07-04 17:38:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-04 17:37:57 77312 ----a-w- C:\Windows\System32\packager.dll
2013-07-04 17:37:57 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-07-04 17:37:52 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-07-04 17:37:52 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-07-04 17:37:52 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-07-04 17:36:29 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-07-04 17:36:28 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-07-04 17:36:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-07-04 17:36:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-07-04 17:34:26 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-07-04 17:34:22 -------- d-----w- C:\Program Files (x86)\Realtek
.
==================== Find3M  ====================
.
2013-06-21 12:06:36 925648 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2013-06-21 10:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 15:57:22 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-29 03:37:16 3432776 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-05-24 22:40:54 142408 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-05-22 16:24:32 3744328 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-05-20 21:16:30 1003592 ----a-w- C:\Windows\System32\RtkApi64.dll
2013-05-20 19:36:20 2794056 ----a-w- C:\Windows\System32\RtPgEx64.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH:  9:37:48.13 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2013 11:24:44 AM
System Uptime: 8/3/2013 9:12:29 AM (0 hours ago)
.
Motherboard: MSI |  | P67A-GD55 (MS-7681)
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3292/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 84 GiB total, 41.523 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is FIXED (NTFS) - 931 GiB total, 653.304 GiB free.
G: is Removable
H: is FIXED (NTFS) - 466 GiB total, 307.797 GiB free.
I: is FIXED (NTFS) - 466 GiB total, 301.459 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP25: 7/13/2013 3:00:13 AM - Windows Update
RP26: 7/30/2013 8:23:39 PM - Installed SketchUp 2013
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.2.6
AVS DVD Copy 4.1.2.283
AVS Image Converter 2.3.3.249
AVS Media Player 4.1.11.100
AVS Photo Editor
AVS Registry Cleaner 2.2.3.237
AVS Ringtone Maker version 1.6
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.5
AVS Video ReMaker 4.1.4.150
BrowserSafeguard
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
D3DX10
DefaultTab
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
EditPlus 3
Google Earth
Google Update Helper
Intel® Management Engine Components
Java 7 Update 25
Java Auto Updater
Live Update 5
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Norton 360
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
PC Fix Speed 1.2.0.24
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SketchUp 2013
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WebCake 3.00
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
8/3/2013 8:51:06 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR3.
8/2/2013 1:20:46 PM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).
8/1/2013 2:43:04 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR8.
.
==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please uninstall ------->> PC Fix Speed 1.2.0.24 from your add/remove programs

Then...........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

PC Fix Speed uninstalled without issue.

 

Report from RK:

 

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DNA9 [Admin rights]
Mode : Scan -- Date : 08/03/2013 10:28:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49158;hxxps=127.0.0.1:49158) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] Updater26278.exe : C:\Users\DNA9\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\DNA9\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 7834d9d1987863d850b686db8cabedfb
[bSP] a6245ae8fe8ff67c326017bed9d57d7e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000524AS ATA Device +++++
--- User ---
[MBR] ae8916554ec89921ec4661e0b8aa2645
[bSP] 9b507be048defd4f2c90d13702059f4a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 85755 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000524AS ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST31000524AS ATA Device +++++
--- User ---
[MBR] efaae474bf56cd39e5d0462ccb81c6e6
[bSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: ST31000524AS ATA Device +++++
--- User ---
[MBR] 99da391b1b0946011ff01646274723bd
[bSP] 550899ebd778b16bbba949ac9671e6fe : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08032013_102851.txt >>

 

 

Link to post
Share on other sites

Did you or one of your programs set this proxy up:

 

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49158;hxxps=127.0.0.1:49158) -> FOUND

 

----------------------------

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab (I'm not sure where this will be, see if you can locate it and delete it)
Put a check next to all of these and uncheck the rest: (if found)
 

[V2][sUSP PATH] Updater26278.exe : C:\Users\DNA9\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> FOUND


Now click Delete on the right hand column under Options

----------------------------------------------

Then.........

Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC

Link to post
Share on other sites

Cleaned the proxy and registry with RK, then restarted.

 

Ran ADW, with the following results.  I have no use to keep anything listed below.

# AdwCleaner v2.306 - Logfile created 08/03/2013 at 10:57:31
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : DNA9 - DNA9-PC
# Boot Mode : Normal
# Running from : C:\Malware\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\WebCake
Folder Found : C:\Users\DNA9\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1714 octets] - [03/08/2013 10:57:31]

########## EOF - C:\AdwCleaner[R1].txt - [1774 octets] ##########

Link to post
Share on other sites

In RogueKiller, what was this listed under:

 

[V2][sUSP PATH] Updater26278.exe : C:\Users\DNA9\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> FOUND

 


-------------------------------------------

Lots of adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last...........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


MrC

Link to post
Share on other sites

That SUPP Path was listed under Registry in RK.

 

Deleted items via AdwC with the following log:

# AdwCleaner v2.306 - Logfile created 08/03/2013 at 11:08:29
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : DNA9 - DNA9-PC
# Boot Mode : Normal
# Running from : C:\Malware\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\WebCake
Folder Deleted : C:\Users\DNA9\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1839 octets] - [03/08/2013 10:57:31]
AdwCleaner[s1].txt - [1812 octets] - [03/08/2013 11:08:29]

########## EOF - C:\AdwCleaner[s1].txt - [1872 octets] ##########

 

Ran JRT with the following log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.1 (08.02.2013:3)
OS: Windows 7 Professional x64
Ran by DNA9 on Sat 08/03/2013 at 11:23:07.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222622278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A2995DE-CA46-4C51-B920-CD39C1EF602F}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/03/2013 at 11:25:46.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM Quick scan found no malicious threats.

FEELS GOOD FOR NOW.  Any other suggestions?

 

I have Norton 360 and MBAM Pro running now full time.

Link to post
Share on other sites

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.71 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 AVS Registry Cleaner 2.2.3.237 
 Java 7 Update 25 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 SecurityCheck.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

AVS Registry Cleaner 2.2.3.237 <---------programs like this are not recommended to use..they usually cause more harm to your computer and do little if any good.

http://forums.whatthetech.com/index.php?showtopic=42862

 

The rest looks OK.

A little clean up to do....

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)
Cached version:
http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=us

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

This topic is now closed to further replies.