
Infected with www.safesearch.net keeps resetting IE home page


  • This topic is locked
14 replies to this topic

#1 Spacedog79

  • Members
  • 7 posts

Posted 25 January 2015 - 11:32 AM

Experienced IT pro with no clue how this is still happening. When setting the IE homepage to google.co.uk it is instantly set back to http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi the next time you look. Have tried Malwarebytes, SUPERAntiSpyware, HijackThis, AdwCleaner, ComboFix, Hitman, Junkware Removal Tool; nothing has touched it. Thorough Windows disk check fixed a couple of minor errors but otherwise in good condition. Any help appreciated.



#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 January 2015 - 12:35 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST Fix.

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   3.36KB   7 downloads

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Spacedog79
  • Topic Starter

  • Members
  • 7 posts

Posted 25 January 2015 - 12:48 PM

Many thanks Jürgen, here is the new FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Sheila (administrator) on SHEILA-LAPTOP on 25-01-2015 17:41:36
Running from C:\Users\Sheila\Downloads
Loaded Profiles: Sheila (Available profiles: Sheila)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-951479371-3248473547-1316026327-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?p=h&m=ie&c=na&s=na
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-951479371-3248473547-1316026327-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = 
SearchScopes: HKU\S-1-5-21-951479371-3248473547-1316026327-1000 -> {4F620888-1FF8-4A07-B6C5-12F2BD4D0982} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-951479371-3248473547-1316026327-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
U2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 fp; C:\Windows\System32\DRIVERS\fp.sys [19152 2015-01-09] (Windows ® Win 7 DDK provider)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 16:15 - 2015-01-25 16:15 - 00015411 _____ () C:\Users\Sheila\Downloads\Addition.txt
2015-01-25 16:14 - 2015-01-25 17:41 - 00012229 _____ () C:\Users\Sheila\Downloads\FRST.txt
2015-01-25 16:14 - 2015-01-25 17:41 - 00000000 ____D () C:\FRST
2015-01-25 16:13 - 2015-01-25 16:14 - 02129920 _____ (Farbar) C:\Users\Sheila\Downloads\FRST64.exe
2015-01-25 15:09 - 2015-01-25 15:09 - 00018336 _____ () C:\ComboFix.txt
2015-01-25 14:59 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-25 14:59 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-25 14:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-25 14:57 - 2015-01-25 15:10 - 00000000 ____D () C:\Qoobox
2015-01-25 14:57 - 2015-01-25 15:08 - 00000000 ____D () C:\Windows\erdnt
2015-01-25 14:55 - 2015-01-25 14:55 - 05609462 ____R (Swearware) C:\Users\Sheila\Downloads\ComboFix.exe
2015-01-25 14:44 - 2015-01-25 14:44 - 01707939 _____ (Thisisu) C:\Users\Sheila\Downloads\JRT.exe
2015-01-25 14:44 - 2015-01-25 14:44 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 14:21 - 2015-01-25 14:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-25 12:59 - 2015-01-25 12:59 - 00000000 ____D () C:\SUPERDelete
2015-01-13 20:19 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:19 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:19 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:19 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:19 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:19 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:18 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:18 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:18 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:18 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:18 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:18 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:18 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-10 17:18 - 2015-01-10 17:18 - 00000000 ____D () C:\CrimeWatch
2015-01-10 17:17 - 2015-01-09 16:05 - 00019152 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\fp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 17:39 - 2014-12-19 14:43 - 00000008 __RSH () C:\Users\Sheila\ntuser.pol
2015-01-25 17:39 - 2014-09-22 18:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 17:39 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\Sheila
2015-01-25 17:39 - 2012-04-18 13:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 17:39 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 17:39 - 2009-07-14 04:51 - 00109600 _____ () C:\Windows\setupact.log
2015-01-25 17:38 - 2012-04-18 21:29 - 01974851 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 17:38 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-25 16:56 - 2012-04-18 13:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 16:16 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:16 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:08 - 2010-11-21 03:47 - 00879610 _____ () C:\Windows\PFRO.log
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\TxR
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\systemprofile
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\RegBack
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\Journal
2015-01-25 15:10 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2015-01-25 15:07 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 14:59 - 2014-03-26 10:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-25 14:48 - 2014-05-23 18:25 - 00002163 _____ () C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-25 13:53 - 2014-09-22 19:37 - 00000000 ____D () C:\Program Files (x86)\Hijack this
2015-01-25 13:20 - 2014-09-22 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:43 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 17:59 - 2014-09-22 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-24 17:59 - 2014-09-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-24 17:59 - 2012-04-18 14:23 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-24 17:54 - 2012-06-05 10:12 - 00000000 ____D () C:\Users\Sheila\AppData\Local\CrashDumps
2015-01-21 20:02 - 2012-04-18 14:25 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 22:50 - 2013-08-14 23:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:47 - 2012-04-18 15:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 11:14 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-08-31 15:18 - 2012-08-31 15:19 - 0003080 _____ () C:\Users\Sheila\AppData\Roaming\InVision Installer.log
2014-04-04 09:51 - 2014-04-04 09:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-04-19 11:10 - 2014-04-04 09:48 - 0003771 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 15:35
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 January 2015 - 01:07 PM

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   581bytes   5 downloads


After Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Spacedog79
  • Topic Starter

  • Members
  • 7 posts

Posted 25 January 2015 - 01:25 PM

Thanks, here is fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Sheila at 2015-01-25 18:19:54 Run:2
Running from C:\Users\Sheila\Downloads
Loaded Profiles: Sheila (Available profiles: Sheila)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
R2 fp; C:\Windows\System32\DRIVERS\fp.sys [19152 2015-01-09] (Windows ® Win 7 DDK provider)
C:\Windows\System32\DRIVERS\fp.sys 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?p=h&m=ie&c=na&s=na
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = 
C:\CrimeWatch
*****************
 
Processes closed successfully.
fp => Service stopped successfully.
fp => Service deleted successfully.
C:\Windows\System32\DRIVERS\fp.sys => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\CrimeWatch => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:19:54 ====
 
And here is FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Sheila (administrator) on SHEILA-LAPTOP on 25-01-2015 17:41:36
Running from C:\Users\Sheila\Downloads
Loaded Profiles: Sheila (Available profiles: Sheila)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-951479371-3248473547-1316026327-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?p=h&m=ie&c=na&s=na
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-951479371-3248473547-1316026327-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = 
SearchScopes: HKU\S-1-5-21-951479371-3248473547-1316026327-1000 -> {4F620888-1FF8-4A07-B6C5-12F2BD4D0982} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-951479371-3248473547-1316026327-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
U2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 fp; C:\Windows\System32\DRIVERS\fp.sys [19152 2015-01-09] (Windows ® Win 7 DDK provider)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 16:15 - 2015-01-25 16:15 - 00015411 _____ () C:\Users\Sheila\Downloads\Addition.txt
2015-01-25 16:14 - 2015-01-25 17:41 - 00012229 _____ () C:\Users\Sheila\Downloads\FRST.txt
2015-01-25 16:14 - 2015-01-25 17:41 - 00000000 ____D () C:\FRST
2015-01-25 16:13 - 2015-01-25 16:14 - 02129920 _____ (Farbar) C:\Users\Sheila\Downloads\FRST64.exe
2015-01-25 15:09 - 2015-01-25 15:09 - 00018336 _____ () C:\ComboFix.txt
2015-01-25 14:59 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-25 14:59 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-25 14:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-25 14:57 - 2015-01-25 15:10 - 00000000 ____D () C:\Qoobox
2015-01-25 14:57 - 2015-01-25 15:08 - 00000000 ____D () C:\Windows\erdnt
2015-01-25 14:55 - 2015-01-25 14:55 - 05609462 ____R (Swearware) C:\Users\Sheila\Downloads\ComboFix.exe
2015-01-25 14:44 - 2015-01-25 14:44 - 01707939 _____ (Thisisu) C:\Users\Sheila\Downloads\JRT.exe
2015-01-25 14:44 - 2015-01-25 14:44 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 14:21 - 2015-01-25 14:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-25 12:59 - 2015-01-25 12:59 - 00000000 ____D () C:\SUPERDelete
2015-01-13 20:19 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:19 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:19 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:19 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:19 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:19 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:18 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:18 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:18 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:18 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:18 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:18 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:18 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-10 17:18 - 2015-01-10 17:18 - 00000000 ____D () C:\CrimeWatch
2015-01-10 17:17 - 2015-01-09 16:05 - 00019152 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\fp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 17:39 - 2014-12-19 14:43 - 00000008 __RSH () C:\Users\Sheila\ntuser.pol
2015-01-25 17:39 - 2014-09-22 18:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 17:39 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\Sheila
2015-01-25 17:39 - 2012-04-18 13:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 17:39 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 17:39 - 2009-07-14 04:51 - 00109600 _____ () C:\Windows\setupact.log
2015-01-25 17:38 - 2012-04-18 21:29 - 01974851 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 17:38 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-25 16:56 - 2012-04-18 13:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 16:16 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:16 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:08 - 2010-11-21 03:47 - 00879610 _____ () C:\Windows\PFRO.log
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\TxR
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\systemprofile
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\RegBack
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\Journal
2015-01-25 15:10 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2015-01-25 15:07 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 14:59 - 2014-03-26 10:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-25 14:48 - 2014-05-23 18:25 - 00002163 _____ () C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-25 13:53 - 2014-09-22 19:37 - 00000000 ____D () C:\Program Files (x86)\Hijack this
2015-01-25 13:20 - 2014-09-22 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:43 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 17:59 - 2014-09-22 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-24 17:59 - 2014-09-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-24 17:59 - 2012-04-18 14:23 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-24 17:54 - 2012-06-05 10:12 - 00000000 ____D () C:\Users\Sheila\AppData\Local\CrashDumps
2015-01-21 20:02 - 2012-04-18 14:25 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 22:50 - 2013-08-14 23:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:47 - 2012-04-18 15:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 11:14 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-08-31 15:18 - 2012-08-31 15:19 - 0003080 _____ () C:\Users\Sheila\AppData\Roaming\InVision Installer.log
2014-04-04 09:51 - 2014-04-04 09:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-04-19 11:10 - 2014-04-04 09:48 - 0003771 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 15:35
 
==================== End Of Log ============================


#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:23 PM

Posted 25 January 2015 - 01:34 PM

:lol:

 

 

 
==== End of Fixlog 18:19:54 ====
 
And here is FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Sheila (administrator) on SHEILA-LAPTOP on 25-01-2015 17:41:36

 

Please run FRST for scan and post the "fresh" log. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Spacedog79

  • Topic Starter

  • Members
  • 7 posts
  • Local time:10:23 AM

Posted 25 January 2015 - 01:39 PM

Very sorry, I don't know how I got that wrong!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Sheila (administrator) on SHEILA-LAPTOP on 25-01-2015 18:36:31
Running from C:\Users\Sheila\Downloads
Loaded Profiles: Sheila (Available profiles: Sheila)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-951479371-3248473547-1316026327-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-951479371-3248473547-1316026327-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-951479371-3248473547-1316026327-1000 -> {4F620888-1FF8-4A07-B6C5-12F2BD4D0982} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-951479371-3248473547-1316026327-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (WeatherBlink Installer Plugin Stub) - C:\Program Files (x86)\WeatherBlinkEI\Installr\1.bin\NPgcEISB.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-18]
CHR Extension: (Google Search) - C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-18]
CHR Extension: (AdBlock) - C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-22]
CHR Extension: (Google Wallet) - C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 16:15 - 2015-01-25 16:15 - 00015411 _____ () C:\Users\Sheila\Downloads\Addition.txt
2015-01-25 16:14 - 2015-01-25 18:36 - 00013876 _____ () C:\Users\Sheila\Downloads\FRST.txt
2015-01-25 16:14 - 2015-01-25 18:36 - 00000000 ____D () C:\FRST
2015-01-25 16:13 - 2015-01-25 16:14 - 02129920 _____ (Farbar) C:\Users\Sheila\Downloads\FRST64.exe
2015-01-25 15:09 - 2015-01-25 15:09 - 00018336 _____ () C:\ComboFix.txt
2015-01-25 14:59 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-25 14:59 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-25 14:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-25 14:59 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-25 14:57 - 2015-01-25 15:10 - 00000000 ____D () C:\Qoobox
2015-01-25 14:57 - 2015-01-25 15:08 - 00000000 ____D () C:\Windows\erdnt
2015-01-25 14:55 - 2015-01-25 14:55 - 05609462 ____R (Swearware) C:\Users\Sheila\Downloads\ComboFix.exe
2015-01-25 14:44 - 2015-01-25 14:44 - 01707939 _____ (Thisisu) C:\Users\Sheila\Downloads\JRT.exe
2015-01-25 14:44 - 2015-01-25 14:44 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 14:21 - 2015-01-25 14:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-25 12:59 - 2015-01-25 12:59 - 00000000 ____D () C:\SUPERDelete
2015-01-13 20:19 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:19 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:19 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:19 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:19 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:19 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:18 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:18 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:18 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:18 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:18 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:18 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:18 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 18:28 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 18:28 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 18:21 - 2014-09-22 18:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 18:21 - 2012-04-18 13:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 18:20 - 2012-04-18 21:29 - 01991200 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 18:20 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 18:20 - 2009-07-14 04:51 - 00109656 _____ () C:\Windows\setupact.log
2015-01-25 17:56 - 2012-04-18 13:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 17:39 - 2014-12-19 14:43 - 00000008 __RSH () C:\Users\Sheila\ntuser.pol
2015-01-25 17:39 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\Sheila
2015-01-25 17:38 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-25 16:08 - 2010-11-21 03:47 - 00879610 _____ () C:\Windows\PFRO.log
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\TxR
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\systemprofile
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\RegBack
2015-01-25 15:10 - 2012-04-18 13:43 - 00000000 ____D () C:\Users\Journal
2015-01-25 15:10 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2015-01-25 15:07 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 14:59 - 2014-03-26 10:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-25 14:48 - 2014-05-23 18:25 - 00002163 _____ () C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-25 13:53 - 2014-09-22 19:37 - 00000000 ____D () C:\Program Files (x86)\Hijack this
2015-01-25 13:20 - 2014-09-22 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:43 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 17:59 - 2014-09-22 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-24 17:59 - 2014-09-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-24 17:59 - 2012-04-18 14:23 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-24 17:54 - 2012-06-05 10:12 - 00000000 ____D () C:\Users\Sheila\AppData\Local\CrashDumps
2015-01-21 20:02 - 2012-04-18 14:25 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 22:50 - 2013-08-14 23:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:47 - 2012-04-18 15:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 11:14 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-08-31 15:18 - 2012-08-31 15:19 - 0003080 _____ () C:\Users\Sheila\AppData\Roaming\InVision Installer.log
2014-04-04 09:51 - 2014-04-04 09:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-04-19 11:10 - 2014-04-04 09:48 - 0003771 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 15:35
 
==================== End Of Log ============================


#8 deeprybka

  • Malware Response Team

Posted 25 January 2015 - 01:53 PM

OK,

that issue has been fixed, right?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 Spacedog79

  • Topic Starter

Posted 25 January 2015 - 02:14 PM

Yes, it seems to be fixed, many thanks Jürgen :-)



#10 deeprybka

  • Malware Response Team

Posted 25 January 2015 - 02:15 PM

You are welcome!

 

However, there are some things to do - if you wish?!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 Spacedog79

  • Topic Starter

Posted 25 January 2015 - 02:17 PM

Please go ahead...



#12 deeprybka

  • Malware Response Team

Posted 25 January 2015 - 02:26 PM

It's not a big deal. But please do a final check up:

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png].
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2
 
No resident protection warning

Always have one (and no more than one!) Antivirus program, as the resident protection is absolutely a must-have on any Windows! Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards.

For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine.

Step 3

Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Spacedog79

  • Topic Starter

Posted 25 January 2015 - 10:14 PM

Looks good to me, I have already dealt with the 2 Bitcoin installers:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ef88ad29cd3df64bb3f2ea6800c30b27
# engine=22139
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-26 12:37:05
# local_time=2015-01-26 12:37:05 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 19125 45209419 0 0
# scanned=147449
# found=2
# cleaned=0
# scan_time=5947
sh=C6ECB5C1447C57FC0BE4C69C4F300FB9FB41ADF0 ft=1 fh=c9f6b45ef331d56c vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Users\Sheila\Downloads\bitcoin-0.8.5-win32-setup.exe"
sh=B67187D29D222D158AA69CC628D9B468713433C7 ft=1 fh=94d990433c1b874d vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Users\Sheila\Downloads\litecoin-0.8.5.1-win32-setup.exe"
 
 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Google Chrome (39.0.2171.99) 
 Google Chrome (40.0.2214.91) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#14 deeprybka

  • Malware Response Team

Posted 26 January 2015 - 11:38 AM

This looks good indeed. No more active malware.

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 deeprybka

  • Malware Response Team

Posted 28 January 2015 - 01:44 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer



