Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

re-directed here for help with TROJAN infection Win 8


  • This topic is locked This topic is locked
10 replies to this topic

#1 ccc777

ccc777

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 20 March 2015 - 11:25 PM

Hello,

 

I have been re-directed here by BCAdvisor   http://www.bleepingcomputer.com/forums/t/570714/win-8-opened-spam-email-by-mistake/#entry3659311

 

I have used Malwarebytes, which was clear

Eset found several trojans

Adware was suggestive of problems, as per the link above.

 

I have no noticeable issues with my PC's operation or performance, but I was told there are things that need cleaning.  Please help.

I had trouble uploading Addition.txt.  Should I add this in the body of the text?

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Asus x502 (administrator) on ASUS on 21-03-2015 15:13:09
Running from C:\Users\Asus x502\Desktop
Loaded Profiles: Asus x502 (Available profiles: Asus x502)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\Asus x502\AppData\Local\FluxSoftware\Flux\flux.exe
(Akamai Technologies, Inc.) C:\Users\Asus x502\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Asus x502\AppData\Local\Akamai\netsession_win.exe
(Propel Software Corporation) C:\Program Files (x86)\Propel 7\PropelAC.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Users\Asus x502\Desktop\unused desktop items\Mozilla Firefox\firefox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Propel 7] => C:\Program Files (x86)\Propel 7\PropelAC.exe [303234 2012-04-23] (Propel Software Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\Run: [F.lux] => C:\Users\Asus x502\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Asus x502\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\Run: [CCleaner] => C:\Users\Asus x502\Desktop\CCleaner64.exe [6185240 2013-06-20] (Piriform Ltd)
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\MountPoints2: {419086cd-b9e4-11e3-be90-74d02b17d4d4} - "D:\AutoRun.exe"
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\MountPoints2: {500f57ff-e546-11e3-be97-74d02b17d4d4} - "D:\AutoRun.exe"
HKU\S-1-5-21-3021463576-3372758973-3128548748-1001\...\MountPoints2: {a8cb89d7-9548-11e4-bebb-74d02b17d4d4} - "D:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3021463576-3372758973-3128548748-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3021463576-3372758973-3128548748-1001] => http=127.0.0.1:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-07] (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Accelerator Plugin -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> C:\Program Files (x86)\Propel 7\pnibrex.dll [2012-04-23] (Propel Software Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-08] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512
FF Homepage: www.google.com
FF NetworkProxy: "ftp", "200.199.74.139"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "200.199.74.139"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "200.199.74.139"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "200.199.74.139"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "200.199.74.139"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-08] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-07] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-3021463576-3372758973-3128548748-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Asus x502\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-13] (Citrix Online)
FF Extension: Readable - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{479a1e2b-c0cf-4c2f-b04e-95ddb5ccb8c0} [2015-02-08]
FF Extension: iMacros for Firefox - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-02-21]
FF Extension: WOT - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-08]
FF Extension: Best Proxy Switcher - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2015-02-08]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-02-08]
FF Extension: Firebug - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\firebug@software.joehewitt.com.xpi [2015-02-10]
FF Extension: GreyBackgrounds - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\greybackgrounds@extensions.moz.xpi [2015-02-08]
FF Extension: Google Untracker - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\jid1-0PPAg3kpBlAJHA@jetpack.xpi [2015-02-08]
FF Extension: DuckDuckGo Plus - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-03-10]
FF Extension: Clearly - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\readable@evernote.com.xpi [2015-02-08]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-02-08]
FF Extension: Zoom Page - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\zoompage@DW-dev.xpi [2015-02-08]
FF Extension: NoScript - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-08]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-02-08]
FF Extension: Adblock Plus - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08]
FF Extension: BetterPrivacy - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-08]
FF Extension: Greasemonkey - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
FF Extension: Adblock Edge - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-08]
StartMenuInternet: FIREFOX.EXE - C:\Users\Asus x502\Desktop\unused desktop items\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Asus x502\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Asus x502\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Asus x502\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Asus x502\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\Asus x502\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242728 2014-07-01] (Foxit Corporation)
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-07] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-07] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-28] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 15:13 - 2015-03-21 15:13 - 00018057 _____ () C:\Users\Asus x502\Desktop\FRST.txt
2015-03-21 15:12 - 2015-03-21 15:13 - 00000000 ____D () C:\FRST
2015-03-21 15:11 - 2015-03-21 15:12 - 02095616 _____ (Farbar) C:\Users\Asus x502\Desktop\FRST64.exe
2015-03-21 15:10 - 2015-03-21 15:10 - 01135104 _____ (Farbar) C:\Users\Asus x502\Desktop\FRST.exe
2015-03-20 21:14 - 2015-03-20 21:14 - 00000260 _____ () C:\mb.txt
2015-03-20 21:04 - 2015-03-20 21:15 - 00026666 _____ () C:\WINDOWS\PFRO.log
2015-03-20 21:04 - 2015-03-20 21:15 - 00000154 _____ () C:\WINDOWS\setupact.log
2015-03-20 21:04 - 2015-03-20 21:04 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-20 20:55 - 2015-03-20 20:55 - 02347384 _____ (ESET) C:\Users\Asus x502\Desktop\esetsmartinstaller_enu.exe
2015-03-20 20:33 - 2015-03-20 20:34 - 02171392 _____ () C:\Users\Asus x502\Desktop\AdwCleaner.exe
2015-03-20 20:33 - 2015-03-20 20:33 - 01388672 _____ (Thisisu) C:\Users\Asus x502\Desktop\JRT.exe
2015-03-18 23:40 - 2015-03-18 23:40 - 00001022 _____ () C:\Users\Asus x502\Desktop\nagual.pdf - Shortcut.lnk
2015-03-17 22:40 - 2015-03-19 20:33 - 00000892 _____ () C:\Users\Asus x502\Desktop\
2015-03-17 13:38 - 2015-03-18 21:08 - 00020289 _____ () C:\Users\Asus x502\Desktop\
2015-03-16 20:59 - 2015-03-16 20:59 - 00001464 _____ () C:\Users\Asus x502\.recently-used.xbel
2015-03-15 18:19 - 2015-03-15 18:19 - 00000732 _____ () C:\Users\Asus x502\Documents\
2015-03-14 11:09 - 2015-03-14 10:10 - 15996848 _____ () C:\Users\Asus x502\Documents\DIA
2015-03-13 14:29 - 2015-03-20 22:49 - 00000596 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3021463576-3372758973-3128548748-1001.job
2015-03-13 14:29 - 2015-03-13 14:29 - 00003596 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3021463576-3372758973-3128548748-1001
2015-03-13 14:28 - 2015-03-13 14:29 - 00000000 ____D () C:\Users\Asus x502\AppData\Local\Citrix
2015-03-12 13:13 - 2015-03-12 13:33 - 254960712 _____ () C:\Users\Asus x502\Desktop\
2015-03-12 00:21 - 2015-03-21 15:06 - 01181670 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-10 00:43 - 2015-03-10 00:43 - 00000250 _____ () C:\Users\Asus x502\AppData\Local\DF4F150647CC4e1f8E09E0CFEB46B85C.CalcTape1.calc
2015-03-09 22:53 - 2015-03-09 22:53 - 00000331 _____ () C:\Users\Asus x502\Documents\
2015-03-09 00:30 - 2015-03-09 01:00 - 226112558 _____ () C:\Users\Asus x502\Desktop\
2015-03-08 14:59 - 2015-03-08 14:59 - 00000038 _____ () C:\Users\Asus x502\Documents\IB.txt
2015-03-08 14:13 - 2015-03-08 14:13 - 00001923 _____ () C:\Users\Public\Desktop\Trader Workstation 4.0.LNK
2015-03-08 12:58 - 2015-03-08 12:57 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-08 12:57 - 2015-03-08 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-08 12:48 - 2015-03-08 14:13 - 00000571 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check for TWS Updates.lnk
2015-03-08 12:20 - 2015-03-08 14:13 - 00000044 _____ () C:\WINDOWS\ib.ini
2015-03-08 12:20 - 2015-03-08 12:20 - 00000000 ____D () C:\Users\Asus x502\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-03-08 12:20 - 2015-03-08 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-03-08 12:20 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-03-08 12:20 - 2001-09-07 14:48 - 00026624 _____ () C:\WINDOWS\GetIe.dll
2015-03-07 15:03 - 2015-03-17 15:57 - 00000000 ____D () C:\Users\Asus x502\AppData\Local\Spark
2015-03-07 15:03 - 2015-03-07 15:03 - 00001734 _____ () C:\Users\Public\Desktop\
2015-03-07 15:03 - 2015-03-07 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
2015-03-07 15:03 - 2015-03-07 15:03 - 00000000 ____D () C:\Program Files (x86)\
2015-03-05 22:41 - 2015-03-19 20:27 - 00000038 _____ () C:\Users\Asus x502\Documents\
2015-03-04 15:56 - 2015-03-04 15:56 - 00000019 _____ () C:\Users\Asus x502\Documents\
2015-03-03 21:23 - 2015-03-03 21:23 - 00000262 _____ () C:\Users\Asus x502\Desktop\

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 15:05 - 2013-08-23 02:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-20 22:40 - 2015-01-17 18:46 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-03-20 22:36 - 2014-08-21 16:25 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 21:59 - 2013-12-26 12:09 - 00000000 ____D () C:\Users\Asus x502\AppData\Roaming\ClassicShell
2015-03-20 21:15 - 2015-01-17 18:44 - 00000000 ____D () C:\AdwCleaner
2015-03-20 21:15 - 2014-08-21 16:25 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 21:15 - 2013-08-23 01:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-20 21:15 - 2013-08-23 00:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-20 21:10 - 2014-10-25 15:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 20:30 - 2014-10-25 15:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-20 11:35 - 2013-11-14 13:00 - 00000000 ____D () C:\Program Files (x86)\AmiBroker
2015-03-17 13:42 - 2014-09-25 03:21 - 00876144 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-16 21:51 - 2013-08-08 15:58 - 00000000 ____D () C:\Users\Asus x502\Desktop\unused desktop items
2015-03-16 20:59 - 2014-11-28 12:19 - 00000000 ____D () C:\Users\Asus x502
2015-03-15 23:27 - 2014-03-28 17:31 - 00000000 ___RD () C:\Users\Asus x502\Desktop\Papers
2015-03-14 15:28 - 2013-12-26 18:46 - 00000000 ____D () C:\Program Files\AmiBroker
2015-03-11 11:37 - 2014-04-10 11:16 - 00215025 _____ () C:\Users\Asus x502\Desktop\nn2.txt
2015-03-09 10:22 - 2014-12-09 13:17 - 00000000 ____D () C:\Jts
2015-03-08 15:26 - 2013-07-01 12:37 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3021463576-3372758973-3128548748-1001
2015-03-08 12:58 - 2013-10-23 15:57 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-08 12:57 - 2014-10-16 10:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-08 11:20 - 2014-04-27 00:36 - 00000849 _____ () C:\Users\Public\Desktop\Medved Trader.lnk
2015-03-08 11:20 - 2014-04-27 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medved Trader
2015-03-08 11:20 - 2014-04-27 00:36 - 00000000 ____D () C:\Program Files\Medved Trader
2015-03-08 00:10 - 2015-02-10 20:10 - 00001494 _____ () C:\Users\Asus x502\Desktop\
2015-03-05 21:57 - 2014-10-25 16:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-04 16:29 - 2014-10-30 17:34 - 00000000 ____D () C:\Users\Asus x502\Documents\Medved Trader
2015-03-04 00:17 - 2013-08-07 17:49 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-25 23:13 - 2015-01-10 20:53 - 00000000 ____D () C:\Users\Asus x502\AppData\Local\CrashDumps
2015-02-25 23:09 - 2015-02-14 18:43 - 00000535 _____ () C:\Users\Asus x502\Desktop
2015-02-22 00:04 - 2015-02-15 17:22 - 00002462 _____ () C:\Users\Asus x502\Documents\www.au3
2015-02-21 23:47 - 2015-02-14 22:06 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-20 23:04 - 2015-01-05 11:12 - 00000000 ____D () C:\Users\Asus x502\AppData\Roaming\vlc
2015-02-20 16:47 - 2015-02-17 15:50 - 00004568 _____ () C:\Users\Asus x502\AppData\Roaming\CamStudio.cfg
2015-02-20 16:47 - 2015-02-17 15:50 - 00000408 _____ () C:\Users\Asus x502\AppData\Roaming\CamShapes.ini
2015-02-20 16:47 - 2015-02-17 15:50 - 00000408 _____ () C:\Users\Asus x502\AppData\Roaming\CamLayout.ini
2015-02-20 16:47 - 2015-02-17 15:50 - 00000096 _____ () C:\Users\Asus x502\AppData\Roaming\Camdata.ini
2015-02-19 20:21 - 2015-02-17 15:47 - 00000096 _____ () C:\Users\Asus x502\AppData\Roaming\version2.xml
2015-02-19 13:05 - 2013-08-31 19:52 - 00000000 ____D () C:\Users\Asus x502\AppData\Local\Greenshot

==================== Files in the root of some directories =======

2015-02-17 15:50 - 2015-02-20 16:47 - 0000096 _____ () C:\Users\Asus x502\AppData\Roaming\Camdata.ini
2015-02-17 15:50 - 2015-02-20 16:47 - 0000408 _____ () C:\Users\Asus x502\AppData\Roaming\CamLayout.ini
2015-02-17 15:50 - 2015-02-20 16:47 - 0000408 _____ () C:\Users\Asus x502\AppData\Roaming\CamShapes.ini
2015-02-17 15:50 - 2015-02-20 16:47 - 0004568 _____ () C:\Users\Asus x502\AppData\Roaming\CamStudio.cfg
2013-09-01 14:41 - 2013-09-01 14:48 - 0000459 _____ () C:\Users\Asus x502\AppData\Roaming\DarkAdapted Preferences
2015-02-17 15:47 - 2015-02-19 20:21 - 0000096 _____ () C:\Users\Asus x502\AppData\Roaming\version2.xml
2015-02-07 23:14 - 2015-02-07 23:14 - 0000250 _____ () C:\Users\Asus x502\AppData\Local\02F688AA0EC14cdeAB8F3B0821D3C5CA.CalcTape1.calc
2015-03-10 00:43 - 2015-03-10 00:43 - 0000250 _____ () C:\Users\Asus x502\AppData\Local\DF4F150647CC4e1f8E09E0CFEB46B85C.CalcTape1.calc
2014-11-30 14:32 - 2014-11-30 14:32 - 0000097 _____ () C:\Users\Asus x502\AppData\Local\fusioncache.dat
2013-08-11 21:10 - 2013-08-11 21:10 - 0000017 _____ () C:\Users\Asus x502\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Asus x502\AppData\Local\Temp\Quarantine.exe
C:\Users\Asus x502\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-20 23:25

==================== End Of Log ============================


Edited by ccc777, 20 March 2015 - 11:56 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 23 March 2015 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Extension: DuckDuckGo Plus - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-03-10]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION


Your Chrome browser was compromised

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?

#3 ccc777

ccc777
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 23 March 2015 - 11:01 PM

Sorry but I don't understand these steps:

 

"Save the files as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry".

 

You say save the files (plural) as fixlist.txt  - isn't it just one file?

You say "into the same folder as FRST", except FRST is a file not a folder.  What do I do here?

How do I run FRST?

 

Thanks.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 24 March 2015 - 08:09 AM

FRST the tool is running from your desktop.
Running from C:\Users\Asus x502\Desktop

Make sure that the fixlist.txt is also on the Deskop. (The Desktop is a folder)
Run the tools and select the fix button.

Post the log.
Let me know if the problem persist.

#5 ccc777

ccc777
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 24 March 2015 - 06:22 PM

I'm not trying to be difficult but I still don't understand what I'm to do here.  I get that the desktop is a folder, but...

 

All I have on my desktop is two text files - FRST.txt and fixlist.txt   Why do you call FRST a "tool"? 

 

How do I "run" a text file?  If I click it, all I see is the words in a notepad document. 

 

Thanks



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 25 March 2015 - 07:38 AM

Farbar Recovery Scan Tool

You probably used the FRST64.exe for you 64 bit system.
C:\Users\Asus x502\Desktop\FRST64.exe

That file should be on your desktop.

If it's not then download it again from this site.

Farbar Recovery Scan Tool (64 bit)

#7 ccc777

ccc777
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 25 March 2015 - 07:45 PM

Thanks.  This is the fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Asus x502 at 2015-03-26 11:41:04 Run:1
Running from C:\Users\Asus x502\Desktop
Loaded Profiles: Asus x502 (Available profiles: Asus x502)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Extension: DuckDuckGo Plus - C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-03-10]

End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Asus x502\AppData\Roaming\Mozilla\Firefox\Profiles\k1spyl12.default-1423359661512\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi => Moved successfully.


The system needed a reboot.

==== End of Fixlog 11:41:05 ====



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 26 March 2015 - 07:21 AM

How is the computer running now?

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 31 March 2015 - 08:46 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 ccc777

ccc777
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 31 March 2015 - 07:07 PM

Many thanks nasdaq, it seems ok now.

 

Will checks that link now.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 01 April 2015 - 07:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users