Browser is hijacked. Pages are being redirected.


9 replies to this topic

#1 ericgerard


Posted 29 February 2016 - 11:05 PM

Hi all. A few days ago I was infected by a nasty virus after downloading some software. It initially infected my computer with a bunch of bloatware and toolbars on my desktop and such. I got rid of most of it with various antivirus programs, but I am still left with the odd page redirect in Google Chrome. I would say about 1 in 5 pages I try to go to is redirecting. Any help would be appreciated! I think the adware in particular is called "bubble suite" or "bubble tool", and "yourprofitclub".

Here is my FRST file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Dylan Chase (administrator) on DESKTOP-V76A57U (29-02-2016 20:50:21)
Running from C:\Users\Dylan Chase\Downloads
Loaded Profiles: Dylan Chase (Available Profiles: Dylan Chase)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-13] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\MAFWDITray.exe [315088 2013-06-03] (M-Audio, a brand of inMusic Brands, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\RunOnce: [Uninstall C:\Users\Dylan Chase\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dylan Chase\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [HideSCAVolume] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2524719536-4119138142-3575954189-1001] => hxxp://un-stop.com/wpad.dat?a7375906413a5ef19892da1f09737f4a6809953
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{7c004e80-d922-4a24-aa7b-945c29317e65}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c86cd419-77b8-4647-a92b-0b10290f35a6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c86cd419-77b8-4647-a92b-0b10290f35a6}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://un-stop.com/wpad.dat?a7375906413a5ef19892da1f09737f4a6809953
 
Internet Explorer:
==================
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Sheets) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-20]
CHR Extension: (AdBlock) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-20]
CHR Extension: (Gmail) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-27]
CHR Extension: (Google Drive) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-27]
CHR Extension: (YouTube) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-27]
CHR Extension: (Adblock Plus) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-28]
CHR Extension: (Google Search) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-27]
CHR Extension: (Google Sheets) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-27]
CHR Extension: (Google Docs Offline) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-27]
CHR Extension: (Gmail) - C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 MAFWPROFIRE; C:\Windows\system32\DRIVERS\MAudioProFire.sys [288976 2013-06-03] (M-Audio, a brand of inMusic Brands, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-29 20:50 - 2016-02-29 20:50 - 00012002 _____ C:\Users\Dylan Chase\Downloads\FRST.txt
2016-02-29 20:49 - 2016-02-29 20:50 - 00000000 ____D C:\FRST
2016-02-29 20:49 - 2016-02-29 20:49 - 02371072 _____ (Farbar) C:\Users\Dylan Chase\Downloads\FRST64.exe
2016-02-29 16:55 - 2016-02-29 16:55 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp
2016-02-29 16:46 - 2016-02-29 16:50 - 00000000 ____D C:\EEK
2016-02-29 16:42 - 2016-02-29 16:46 - 217710120 _____ C:\Users\Dylan Chase\Downloads\EmsisoftEmergencyKit.exe
2016-02-29 16:40 - 2016-02-29 16:40 - 01609216 _____ (Malwarebytes) C:\Users\Dylan Chase\Downloads\JRT.exe
2016-02-29 16:39 - 2016-02-29 20:33 - 00000000 ____D C:\Users\Dylan Chase\Desktop\Security
2016-02-29 16:38 - 2016-02-29 16:38 - 00000000 ____D C:\AdwCleaner
2016-02-29 16:32 - 2016-02-29 16:32 - 00002820 _____ C:\Windows\system32\.crusader
2016-02-29 16:28 - 2016-02-29 16:28 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-29 16:26 - 2016-02-29 16:33 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-29 16:23 - 2016-02-29 16:23 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Dylan Chase\Downloads\iExplore.exe
2016-02-29 16:17 - 2016-02-29 16:18 - 00255038 _____ C:\TDSSKiller.3.1.0.9_29.02.2016_16.17.29_log.txt
2016-02-28 21:42 - 2016-02-28 21:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-02-28 21:42 - 2016-02-28 21:42 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-28 21:17 - 2016-02-28 21:40 - 02085168 _____ C:\Users\Dylan Chase\Downloads\Adaware_Installer.exe
2016-02-28 20:34 - 2016-02-28 20:35 - 54329568 _____ (Microsoft Corporation) C:\Users\Dylan Chase\Downloads\Windows-KB890830-x64-V5.33.exe
2016-02-27 19:56 - 2016-02-27 19:56 - 00000000 ____D C:\Program Files (x86)\InterLok
2016-02-27 19:53 - 2016-02-27 19:54 - 31747674 _____ C:\Users\Dylan Chase\Downloads\Antares.Autotune.EVO.v6.09.VST-DYNAMiCS.rar
2016-02-27 19:48 - 2016-02-27 19:48 - 00000000 ____D C:\Users\Dylan Chase\Downloads\Antares Autotune Evo v.6.0.9 Crack Included
2016-02-27 19:36 - 2016-02-27 19:39 - 00000000 ____D C:\Users\Dylan Chase\Downloads\backups
2016-02-27 19:22 - 2016-02-28 16:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-27 19:22 - 2016-02-27 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-27 19:22 - 2016-02-27 19:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-27 19:22 - 2016-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-27 19:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-27 19:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-27 19:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-27 19:21 - 2016-02-27 19:22 - 22908888 _____ (Malwarebytes ) C:\Users\Dylan Chase\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-27 19:16 - 2016-02-27 19:16 - 00000885 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-02-27 19:14 - 2016-02-27 19:17 - 00249210 _____ C:\Windows\ntbtlog.txt
2016-02-27 19:14 - 2016-02-27 19:14 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-27 19:08 - 2016-02-27 19:08 - 00187904 _____ C:\Windows\rsrcs.dll
2016-02-27 19:08 - 2016-02-27 19:08 - 00003858 _____ C:\Windows\System32\Tasks\Bubble Suite Update
2016-02-27 18:33 - 2016-02-27 18:33 - 00900015 _____ C:\Windows\SysWOW64\TmpA173974546
2016-02-27 18:21 - 2016-02-27 18:21 - 00003127 _____ C:\Users\Dylan Chase\Downloads\Antares+Autotune+Evo+VST+RTAS+v6+0+9.torrent
2016-02-27 18:18 - 2016-02-27 18:18 - 00008183 _____ C:\Users\Dylan Chase\Downloads\Antares.Autotune.Evo.VST.RTAS.v7.0.9.PC.torrent
2016-02-27 16:31 - 2016-02-27 13:09 - 1821497846 _____ C:\Users\Dylan Chase\Desktop\HORACE_AND_PETE_01x01_1080.mp4
2016-02-27 15:50 - 2016-02-27 15:51 - 00000000 ____D C:\Users\Dylan Chase\AppData\Local\ElevatedDiagnostics
2016-02-27 15:26 - 2016-02-27 19:29 - 00000420 _____ C:\Users\Dylan Chase\Desktop\This PC - Shortcut.lnk
2016-02-25 19:48 - 2016-02-27 19:56 - 00000000 ____D C:\Program Files (x86)\Antares Audio Technologies
2016-02-24 09:57 - 2016-02-27 19:56 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Antares
2016-02-24 09:57 - 2016-02-27 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2016-02-22 19:10 - 2016-02-22 19:10 - 00000000 ____D C:\Program Files (x86)\Steinberg
2016-02-22 18:27 - 2016-02-29 16:53 - 00000000 ____D C:\Users\Dylan Chase\Desktop\New folder
2016-02-22 17:37 - 2003-03-18 20:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-02-22 17:37 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-02-21 16:36 - 2016-02-27 18:43 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\PACE Anti-Piracy
2016-02-21 16:36 - 2016-02-27 18:43 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2016-02-21 16:36 - 2016-02-21 16:36 - 00000000 ____D C:\Users\Dylan Chase\AppData\Local\PACE Anti-Piracy
2016-02-21 16:08 - 2016-02-21 16:08 - 00000000 ____D C:\ProgramData\VST3 Presets
2016-02-21 16:08 - 2009-10-11 21:58 - 01177600 _____ (AD) C:\Windows\SysWOW64\SYNSOEMU.DLL
2016-02-21 16:06 - 2016-02-22 18:52 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5
2016-02-21 16:06 - 2016-02-21 16:09 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Steinberg
2016-02-21 16:06 - 2016-02-21 16:06 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne
2016-02-21 16:06 - 2016-02-21 16:06 - 00000000 ____D C:\ProgramData\Steinberg
2016-02-21 16:01 - 2016-02-27 19:29 - 00000973 _____ C:\Users\Dylan Chase\Desktop\7-Zip File Manager.lnk
2016-02-21 16:01 - 2016-02-21 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-21 16:01 - 2016-02-21 16:01 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-02-21 15:54 - 2016-02-29 20:27 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Skype
2016-02-21 15:54 - 2016-02-27 19:29 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-21 15:54 - 2016-02-21 15:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-21 15:54 - 2016-02-21 15:54 - 00000000 ____D C:\Users\Dylan Chase\Tracing
2016-02-21 15:54 - 2016-02-21 15:54 - 00000000 ____D C:\ProgramData\Skype
2016-02-21 15:54 - 2016-02-21 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-21 15:52 - 2016-02-21 15:52 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Dylan Chase\Downloads\SkypeSetup.exe
2016-02-21 15:50 - 2016-02-21 15:50 - 00738304 _____ C:\Users\Dylan Chase\Desktop\oasis.exe
2016-02-21 15:12 - 2016-02-27 19:48 - 00000000 ____D C:\Users\Dylan Chase\AppData\LocalLow\BitTorrent
2016-02-21 15:12 - 2016-02-27 19:29 - 00002712 _____ C:\Users\Dylan Chase\Desktop\BitTorrent.lnk
2016-02-21 15:12 - 2016-02-27 19:29 - 00002692 _____ C:\Users\Dylan Chase\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-02-21 15:11 - 2016-02-27 20:03 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\BitTorrent
2016-02-21 15:06 - 2016-02-21 15:06 - 00000000 ____D C:\Users\Dylan Chase\Desktop\Reason Song Files
2016-02-21 14:13 - 2016-02-21 14:13 - 00406528 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2016-02-21 14:13 - 2016-02-21 14:13 - 00338432 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2016-02-21 14:12 - 2016-02-21 14:13 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Propellerhead Software
2016-02-21 14:12 - 2016-02-21 14:13 - 00000000 ____D C:\ProgramData\Propellerhead Software
2016-02-21 14:10 - 2016-02-21 14:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-21 14:10 - 2016-02-21 14:10 - 00000000 ____D C:\Program Files\MSBuild
2016-02-21 14:10 - 2016-02-21 14:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-21 14:10 - 2016-02-21 14:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-21 14:10 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2016-02-21 14:10 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-21 14:10 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-02-21 14:10 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2016-02-21 14:10 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-02-21 14:10 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-21 14:09 - 2016-02-27 19:29 - 00001128 _____ C:\Users\Public\Desktop\Reason.lnk
2016-02-21 14:09 - 2016-02-21 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2016-02-21 14:09 - 2016-02-21 14:09 - 00000000 ____D C:\Program Files (x86)\Propellerhead
2016-02-21 14:07 - 2016-02-27 19:29 - 00001321 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2016-02-21 14:07 - 2016-02-21 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-02-21 14:07 - 2016-02-21 14:07 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2016-02-21 13:19 - 2016-01-28 23:57 - 04502352 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-21 13:19 - 2016-01-28 23:33 - 04064320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-21 13:19 - 2016-01-26 23:15 - 01557776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-21 13:19 - 2016-01-26 23:15 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-21 13:19 - 2016-01-26 23:01 - 07476064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-21 13:19 - 2016-01-26 23:01 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-21 13:19 - 2016-01-26 23:01 - 01819720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-21 13:19 - 2016-01-26 22:59 - 00304752 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2016-02-21 13:19 - 2016-01-26 22:57 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-21 13:19 - 2016-01-26 22:57 - 01824264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-21 13:19 - 2016-01-26 22:57 - 00820704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-21 13:19 - 2016-01-26 22:56 - 21124344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-21 13:19 - 2016-01-26 22:55 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-02-21 13:19 - 2016-01-26 22:55 - 00081112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2016-02-21 13:19 - 2016-01-26 22:54 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-21 13:19 - 2016-01-26 22:46 - 02606824 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-21 13:19 - 2016-01-26 22:46 - 01270072 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-21 13:19 - 2016-01-26 22:45 - 22564328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-21 13:19 - 2016-01-26 22:45 - 06605544 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-02-21 13:19 - 2016-01-26 22:44 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-21 13:19 - 2016-01-26 22:44 - 00085320 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2016-02-21 13:19 - 2016-01-26 22:43 - 00359776 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-21 13:19 - 2016-01-26 22:37 - 01998176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-02-21 13:19 - 2016-01-26 22:37 - 00576352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-02-21 13:19 - 2016-01-26 22:21 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-21 13:19 - 2016-01-26 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztrace_maps.dll
2016-02-21 13:19 - 2016-01-26 22:13 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-02-21 13:19 - 2016-01-26 22:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-21 13:19 - 2016-01-26 22:11 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-21 13:19 - 2016-01-26 22:10 - 22394368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-02-21 13:19 - 2016-01-26 22:10 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-21 13:19 - 2016-01-26 22:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-21 13:19 - 2016-01-26 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\ztrace_maps.dll
2016-02-21 13:19 - 2016-01-26 22:07 - 00203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2016-02-21 13:19 - 2016-01-26 22:05 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-21 13:19 - 2016-01-26 22:05 - 18678272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-02-21 13:19 - 2016-01-26 22:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-02-21 13:19 - 2016-01-26 22:05 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-21 13:19 - 2016-01-26 22:04 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-21 13:19 - 2016-01-26 22:04 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-21 13:19 - 2016-01-26 22:03 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-02-21 13:19 - 2016-01-26 22:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-21 13:19 - 2016-01-26 22:01 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-21 13:19 - 2016-01-26 21:59 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2016-02-21 13:19 - 2016-01-26 21:58 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-21 13:19 - 2016-01-26 21:57 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-02-21 13:19 - 2016-01-26 21:55 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-21 13:19 - 2016-01-26 21:55 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-21 13:19 - 2016-01-26 21:54 - 24603136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-21 13:19 - 2016-01-26 21:52 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-21 13:19 - 2016-01-26 21:50 - 02230784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-21 13:19 - 2016-01-26 21:50 - 01504768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-21 13:19 - 2016-01-26 21:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-21 13:19 - 2016-01-26 21:49 - 05662208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-02-21 13:19 - 2016-01-26 21:48 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-21 13:19 - 2016-01-26 21:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-21 13:19 - 2016-01-26 21:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-21 13:19 - 2016-01-26 21:41 - 03592704 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-02-21 13:19 - 2016-01-26 21:39 - 02275328 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-21 13:19 - 2016-01-26 21:38 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-02-21 13:19 - 2016-01-26 21:38 - 01734656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-21 13:19 - 2016-01-26 21:37 - 04894720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-21 13:19 - 2016-01-26 21:36 - 02757120 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-21 13:19 - 2016-01-26 21:32 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-02-21 13:19 - 2016-01-26 21:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-21 13:19 - 2016-01-15 23:37 - 00202472 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-02-21 13:19 - 2016-01-15 23:36 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-21 13:19 - 2016-01-15 23:36 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-21 13:19 - 2016-01-15 23:34 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-21 13:19 - 2016-01-15 23:24 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-02-21 13:19 - 2016-01-15 23:23 - 08728920 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-02-21 13:19 - 2016-01-15 23:23 - 00848160 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-02-21 13:19 - 2016-01-15 23:23 - 00785088 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-21 13:19 - 2016-01-15 23:23 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-02-21 13:19 - 2016-01-15 23:23 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-02-21 13:19 - 2016-01-15 23:23 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-02-21 13:19 - 2016-01-15 23:21 - 01750440 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2016-02-21 13:19 - 2016-01-15 23:20 - 06971752 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-02-21 13:19 - 2016-01-15 23:20 - 00652312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-21 13:19 - 2016-01-15 23:20 - 00431240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2016-02-21 13:19 - 2016-01-15 23:20 - 00366224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-02-21 13:19 - 2016-01-15 23:19 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-02-21 13:19 - 2016-01-15 23:19 - 00405568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-02-21 13:19 - 2016-01-15 23:12 - 01415200 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-21 13:19 - 2016-01-15 23:09 - 01089880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-02-21 13:19 - 2016-01-15 23:08 - 01174008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-21 13:19 - 2016-01-15 23:08 - 00440152 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-02-21 13:19 - 2016-01-15 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-02-21 13:19 - 2016-01-15 22:45 - 16986112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-02-21 13:19 - 2016-01-15 22:44 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-02-21 13:19 - 2016-01-15 22:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\rasadhlp.dll
2016-02-21 13:19 - 2016-01-15 22:44 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\rastlsext.dll
2016-02-21 13:19 - 2016-01-15 22:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\winhttpcom.dll
2016-02-21 13:19 - 2016-01-15 22:42 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-02-21 13:19 - 2016-01-15 22:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\sscoreext.dll
2016-02-21 13:19 - 2016-01-15 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-02-21 13:19 - 2016-01-15 22:40 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
2016-02-21 13:19 - 2016-01-15 22:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2016-02-21 13:19 - 2016-01-15 22:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\rasautou.exe
2016-02-21 13:19 - 2016-01-15 22:39 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2016-02-21 13:19 - 2016-01-15 22:38 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-02-21 13:19 - 2016-01-15 22:38 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-02-21 13:19 - 2016-01-15 22:38 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\SimCfg.dll
2016-02-21 13:19 - 2016-01-15 22:38 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\winbio.dll
2016-02-21 13:19 - 2016-01-15 22:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-02-21 13:19 - 2016-01-15 22:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-02-21 13:19 - 2016-01-15 22:37 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-02-21 13:19 - 2016-01-15 22:37 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2016-02-21 13:19 - 2016-01-15 22:36 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-02-21 13:19 - 2016-01-15 22:36 - 00475648 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2016-02-21 13:19 - 2016-01-15 22:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-21 13:19 - 2016-01-15 22:36 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\SimAuth.dll
2016-02-21 13:19 - 2016-01-15 22:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastlsext.dll
2016-02-21 13:19 - 2016-01-15 22:35 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-02-21 13:19 - 2016-01-15 22:35 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-21 13:19 - 2016-01-15 22:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasadhlp.dll
2016-02-21 13:19 - 2016-01-15 22:34 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-02-21 13:19 - 2016-01-15 22:34 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-02-21 13:19 - 2016-01-15 22:34 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-21 13:19 - 2016-01-15 22:34 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-02-21 13:19 - 2016-01-15 22:34 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttpcom.dll
2016-02-21 13:19 - 2016-01-15 22:33 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2016-02-21 13:19 - 2016-01-15 22:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-02-21 13:19 - 2016-01-15 22:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-02-21 13:19 - 2016-01-15 22:32 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2016-02-21 13:19 - 2016-01-15 22:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2016-02-21 13:19 - 2016-01-15 22:31 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-02-21 13:19 - 2016-01-15 22:31 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-02-21 13:19 - 2016-01-15 22:31 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-02-21 13:19 - 2016-01-15 22:31 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-02-21 13:19 - 2016-01-15 22:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasautou.exe
2016-02-21 13:19 - 2016-01-15 22:30 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-21 13:19 - 2016-01-15 22:30 - 01053696 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-02-21 13:19 - 2016-01-15 22:30 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-21 13:19 - 2016-01-15 22:30 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SimCfg.dll
2016-02-21 13:19 - 2016-01-15 22:30 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbio.dll
2016-02-21 13:19 - 2016-01-15 22:29 - 01500672 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-02-21 13:19 - 2016-01-15 22:29 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-02-21 13:19 - 2016-01-15 22:28 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-02-21 13:19 - 2016-01-15 22:28 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-02-21 13:19 - 2016-01-15 22:28 - 00884736 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2016-02-21 13:19 - 2016-01-15 22:28 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SimAuth.dll
2016-02-21 13:19 - 2016-01-15 22:27 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-21 13:19 - 2016-01-15 22:26 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-02-21 13:19 - 2016-01-15 22:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-02-21 13:19 - 2016-01-15 22:26 - 00260608 _____ C:\Windows\system32\MTFServer.dll
2016-02-21 13:19 - 2016-01-15 22:26 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-02-21 13:19 - 2016-01-15 22:25 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2016-02-21 13:19 - 2016-01-15 22:25 - 00457728 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-02-21 13:19 - 2016-01-15 22:25 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-02-21 13:19 - 2016-01-15 22:24 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-02-21 13:19 - 2016-01-15 22:24 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-02-21 13:19 - 2016-01-15 22:24 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-02-21 13:19 - 2016-01-15 22:24 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-02-21 13:19 - 2016-01-15 22:23 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-21 13:19 - 2016-01-15 22:23 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-21 13:19 - 2016-01-15 22:21 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-02-21 13:19 - 2016-01-15 22:20 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-02-21 13:19 - 2016-01-15 22:20 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-02-21 13:19 - 2016-01-15 22:20 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-02-21 13:19 - 2016-01-15 22:20 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2016-02-21 13:19 - 2016-01-15 22:19 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-02-21 13:19 - 2016-01-15 22:19 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-02-21 13:19 - 2016-01-15 22:19 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-02-21 13:19 - 2016-01-15 22:19 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-02-21 13:19 - 2016-01-15 22:18 - 01674240 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-21 13:19 - 2016-01-15 22:17 - 05503488 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-02-21 13:19 - 2016-01-15 22:16 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-02-21 13:19 - 2016-01-15 22:16 - 01542656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-21 13:19 - 2016-01-15 22:15 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-02-21 13:19 - 2016-01-15 22:14 - 01946624 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-02-21 13:19 - 2016-01-15 22:14 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-02-21 13:19 - 2016-01-15 22:11 - 00653312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-02-20 20:47 - 2016-02-27 19:29 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 20:47 - 2016-02-27 19:29 - 00002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 20:46 - 2016-02-29 18:51 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 20:46 - 2016-02-29 16:34 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-20 20:46 - 2016-02-20 21:20 - 00000000 ____D C:\Users\Dylan Chase\AppData\Local\Google
2016-02-20 20:46 - 2016-02-20 20:47 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-20 20:46 - 2016-02-20 20:46 - 00003998 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-20 20:46 - 2016-02-20 20:46 - 00003766 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-20 20:32 - 2016-02-20 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2016-02-20 20:32 - 2016-02-20 20:32 - 00000000 ____D C:\ProgramData\M-Audio
2016-02-20 20:32 - 2016-02-20 20:32 - 00000000 ____D C:\Program Files\M-Audio
2016-02-20 20:24 - 2016-02-20 20:24 - 00000000 ____D C:\Program Files\Common Files\logishrd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-29 16:55 - 2015-10-30 00:21 - 00000000 ____D C:\Windows\INF
2016-02-29 16:38 - 2016-01-05 12:09 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-29 16:33 - 2016-01-05 12:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-29 16:33 - 2016-01-05 12:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-29 16:33 - 2015-10-29 23:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-29 16:19 - 2016-01-05 12:04 - 00000000 ____D C:\Users\Dylan Chase\AppData\Local\Packages
2016-02-29 16:19 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-29 16:19 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\AppReadiness
2016-02-29 16:03 - 2016-01-05 18:27 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40A43E46-EB59-47EA-BDC4-A591BA3BAD47}
2016-02-28 20:35 - 2016-01-05 12:11 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-27 19:35 - 2016-01-05 12:04 - 00000000 ____D C:\Users\Dylan Chase\AppData\Local\VirtualStore
2016-02-27 19:29 - 2016-01-05 18:12 - 00002183 _____ C:\Users\Dylan Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 4.0.2.0..lnk
2016-02-27 19:29 - 2016-01-05 18:12 - 00001891 _____ C:\Users\Dylan Chase\Desktop\Ultimate Windows Tweaker 4.0.2.0..lnk
2016-02-27 19:29 - 2016-01-05 17:56 - 00001931 _____ C:\Users\Dylan Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games.lnk
2016-02-27 19:29 - 2016-01-05 16:57 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-27 19:29 - 2016-01-05 16:57 - 00001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-02-27 19:29 - 2016-01-05 16:53 - 00001137 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-02-27 19:29 - 2016-01-05 12:25 - 00001063 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2016-02-27 19:29 - 2016-01-05 12:15 - 00002128 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-02-27 19:29 - 2016-01-05 12:06 - 00002383 _____ C:\Users\Dylan Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-27 19:28 - 2015-10-30 02:03 - 00000000 ____D C:\Windows\SKB
2016-02-27 18:43 - 2015-07-15 20:48 - 00000000 ___HD C:\Users\Dylan Chase\AppData\Local\Hc4gIqk8
2016-02-27 15:56 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\NDF
2016-02-27 15:28 - 2016-01-05 18:26 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\vlc
2016-02-24 22:34 - 2016-01-05 12:04 - 00000000 ____D C:\Users\Dylan Chase
2016-02-24 18:26 - 2016-01-05 16:57 - 00000000 ____D C:\Users\Dylan Chase\AppData\Roaming\Apple Computer
2016-02-24 13:18 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\rescache
2016-02-21 14:59 - 2016-01-05 12:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-21 14:58 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ___SD C:\Windows\system32\F12
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\oobe
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-21 14:58 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\bcastdvr
2016-02-21 14:57 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-02-21 14:42 - 2016-01-05 12:06 - 00000000 ___RD C:\Users\Dylan Chase\OneDrive
2016-02-21 14:11 - 2015-10-30 00:11 - 00000000 ____D C:\Windows\CbsTemp
2016-02-21 13:27 - 2016-01-05 12:11 - 00000000 ____D C:\Windows\system32\MRT
2016-02-20 20:40 - 2016-01-05 17:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-02-03 12:01 - 2015-10-30 00:26 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-03 12:01 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2011-07-25 02:48 - 2011-07-25 02:48 - 0074293 _____ () C:\Users\Dylan Chase\AppData\Roaming\Setup.1.2.exe
2016-01-05 18:16 - 2016-01-05 18:16 - 0000017 _____ () C:\Users\Dylan Chase\AppData\Local\resmon.resmoncfg
2016-02-29 16:55 - 2016-02-29 16:55 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2016-01-05 18:10 - 2016-01-15 22:21 - 0019535 _____ () C:\ProgramData\empty.ico
 
Some files in TEMP:
====================
C:\Users\Dylan Chase\AppData\Local\Temp\Auto-Tune_evo.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 12:34
 
==================== End of FRST.txt ============================


Edited by ericgerard, 29 February 2016 - 11:31 PM.



#2 olgun52

  • Malware Response Team

Posted 01 March 2016 - 08:02 AM

Hello ericgerard and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

BitTorrent
Contextual Tool Yourprofitclub

 

PC Restart.

=========================================================================================

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Windows\SysWOW64\TmpA173974546
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 ericgerard

  • Topic Starter

  • Members

Posted 01 March 2016 - 02:16 PM

Thanks olgun52 for your help!

 

So I tried to remove yourprofitclub from Add or Remove Programs, but for some reason it isn't going away. It says "unavailable" next to it. I'm guessing the file is already gone then?

 

Here is that link:

https://www.virustotal.com/en/file/331407afd68602fbc65ab998b0f5f022b8ad4584f7be689aa92d9ac174eee4a5/analysis/1456859596/



#4 olgun52

  • Malware Response Team

Posted 01 March 2016 - 07:26 PM

Hi again,

 

"I'm guessing the file is already gone then?"
Hopefully.

=================================================================

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced and click "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan now "Run as Administrator" and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.


Best regards
 

 


 


#5 ericgerard

  • Topic Starter

  • Members

Posted 01 March 2016 - 10:59 PM

Hi again,

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Dylan Chase (2016-03-01 20:30:27) Run:1
Running from C:\Users\Dylan Chase\Downloads
Loaded Profiles: Dylan Chase (Available Profiles: Dylan Chase)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
Task: {35642B8D-C248-449E-9DC2-609244984262} - \MAXDriverUpdaterRunAtStartup -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Dylan Chase\Cookies:4ezgHGrFheFz3WlaFaKZmpddfp
AlternateDataStreams: C:\Users\Dylan Chase\AppData\Local\Hc4gIqk8:F79unxCgbmPJgyGqDhKjeC5igdV0V
AlternateDataStreams: C:\Users\Dylan Chase\AppData\Local\Temporary Internet Files:PTB1IRBvaVqMnSVevMnf
AlternateDataStreams: C:\Users\Dylan Chase\AppData\Local\Temporary Internet Files:UMWiHSwO3dClCVoHKCs3uMbci
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\...\Policies\Explorer: [HideSCAVolume] 0
AutoConfigURL: [S-1-5-21-2524719536-4119138142-3575954189-1001] => hxxp://un-stop.com/wpad.dat?a7375906413a5ef19892da1f09737f4a6809953
ManualProxies: 0hxxp://un-stop.com/wpad.dat?a7375906413a5ef19892da1f09737f4a6809953
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X]
C:\ProgramData\adaware-installer-reboot-required.tmp
2016-02-28 21:42 - 2016-02-28 21:42 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-28 21:17 - 2016-02-28 21:40 - 02085168 _____ C:\Users\Dylan Chase\Downloads\Adaware_Installer.exe
C:\Users\Dylan Chase\AppData\Local\ElevatedDiagnostics
C:\Users\Dylan Chase\AppData\Roaming\Antares
C:\Users\Dylan Chase\AppData\Roaming\PACE Anti-Piracy
C:\Users\Dylan Chase\AppData\Local\PACE Anti-Piracy
C:\Users\Dylan Chase\AppData\Roaming\Steinberg
2016-02-21 15:54 - 2016-02-21 15:54 - 00000000 ____D C:\Users\Dylan Chase\Tracing
C:\Users\Dylan Chase\AppData\Roaming\Propellerhead Software
C:\Users\Dylan Chase\AppData\Local\Packages
C:\Users\Dylan Chase\AppData\Local\Hc4gIqk8
C:\Users\Dylan Chase\AppData\Roaming\vlc
2011-07-25 02:48 - 2011-07-25 02:48 - 0074293 _____ () C:\Users\Dylan Chase\AppData\Roaming\Setup.1.2.exe
2016-01-05 18:16 - 2016-01-05 18:16 - 0000017 _____ () C:\Users\Dylan Chase\AppData\Local\resmon.resmoncfg
2016-02-29 16:55 - 2016-02-29 16:55 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2016-01-05 18:10 - 2016-01-15 22:21 - 0019535 _____ () C:\ProgramData\empty.ico
C:\Users\Dylan Chase\AppData\Local\Temp\Auto-Tune_evo.exe
Emptytemp:
end
 
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35642B8D-C248-449E-9DC2-609244984262}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35642B8D-C248-449E-9DC2-609244984262}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MAXDriverUpdaterRunAtStartup => key not found. 
"C:\Users\Dylan Chase\Cookies" => ":4ezgHGrFheFz3WlaFaKZmpddfp" ADS not found.
C:\Users\Dylan Chase\AppData\Local\Hc4gIqk8 => ":F79unxCgbmPJgyGqDhKjeC5igdV0V" ADS removed successfully.
"C:\Users\Dylan Chase\AppData\Local\Temporary Internet Files" => ":PTB1IRBvaVqMnSVevMnf" ADS not found.
"C:\Users\Dylan Chase\AppData\Local\Temporary Internet Files" => ":UMWiHSwO3dClCVoHKCs3uMbci" ADS not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsNetHood => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoPreviewPane => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWinkeys => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCANetwork => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAVolume => value removed successfully
HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
"HKU\S-1-5-21-2524719536-4119138142-3575954189-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 1 => Error: No automatic fix found for this entry.
CHR Profile: C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Profile 2 => Error: No automatic fix found for this entry.
avchv => service removed successfully
gzflt => Unable to stop service.
gzflt => service removed successfully
C:\ProgramData\adaware-installer-reboot-required.tmp => moved successfully
C:\Program Files\Lavasoft => moved successfully
C:\Users\Dylan Chase\Downloads\Adaware_Installer.exe => moved successfully
C:\Users\Dylan Chase\AppData\Local\ElevatedDiagnostics => moved successfully
C:\Users\Dylan Chase\AppData\Roaming\Antares => moved successfully
C:\Users\Dylan Chase\AppData\Roaming\PACE Anti-Piracy => moved successfully
C:\Users\Dylan Chase\AppData\Local\PACE Anti-Piracy => moved successfully
C:\Users\Dylan Chase\AppData\Roaming\Steinberg => moved successfully
C:\Users\Dylan Chase\Tracing => moved successfully
C:\Users\Dylan Chase\AppData\Roaming\Propellerhead Software => moved successfully
 
"C:\Users\Dylan Chase\AppData\Local\Packages" folder move:
 
Could not move "C:\Users\Dylan Chase\AppData\Local\Packages" => Scheduled to move on reboot.
 
C:\Users\Dylan Chase\AppData\Local\Hc4gIqk8 => moved successfully
C:\Users\Dylan Chase\AppData\Roaming\vlc => moved successfully
C:\Users\Dylan Chase\AppData\Roaming\Setup.1.2.exe => moved successfully
C:\Users\Dylan Chase\AppData\Local\resmon.resmoncfg => moved successfully
"C:\ProgramData\adaware-installer-reboot-required.tmp" => not found.
C:\ProgramData\empty.ico => moved successfully
C:\Users\Dylan Chase\AppData\Local\Temp\Auto-Tune_evo.exe => moved successfully
EmptyTemp: => 931 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-01 20:31:39)
 
C:\Users\Dylan Chase\AppData\Local\Packages => Is moved successfully
 
==== End of Fixlog 20:31:39 ====

 

And the Zemana report:

 

Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/3/1
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-4770 CPU @ 3.40GHz
BIOS Mode              : UEFI
CUID                   : 007DA21722B1244DB68398
Scan Type              : Smart Scan
Duration               : 0m 16s
Scanned Objects        : 4635
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
There are no detected objects


#6 olgun52

  • Malware Response Team

Posted 02 March 2016 - 12:38 PM

Thank you.

 

Step 1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 5:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 ericgerard

  • Topic Starter

Posted 05 March 2016 - 12:12 AM

Thanks! Here are the logs:

 

AdwCleaner:

 

# AdwCleaner v5.037 - Logfile created 04/03/2016 at 17:12:20
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : Dylan Chase - DESKTOP-V76A57U
# Running from : C:\Users\Dylan Chase\Desktop\adwcleaner_5.037.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Bubble Suite Update
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\WIN
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=G2Szliubl0fg1,9da06795-4fb3-4118-a594-01d12bfe74cc,&vp=ch&prd=set_ch
[-] [C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G2Szliubl0fg1,9da06795-4fb3-4118-a594-01d12bfe74cc,
[-] [C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Dylan Chase\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=G2Szliubl0fg1,9da06795-4fb3-4118-a594-01d12bfe74cc,&vp=ch&prd=set_ch
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1920 bytes] - [04/03/2016 17:12:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [2889 bytes] - [29/02/2016 16:38:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [2851 bytes] - [29/02/2016 21:15:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [2069 bytes] - [03/03/2016 19:33:30]
C:\AdwCleaner\AdwCleaner[S4].txt - [2142 bytes] - [04/03/2016 17:11:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2285 bytes] ##########
 
 
JRT:
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x64 
Ran by Dylan Chase (Administrator) on Fri 03/04/2016 at 17:15:40.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 0 
 
Registry: 0 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/04/2016 at 17:16:18.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ZHPCleaner:
 

~ ZHPCleaner v2016.3.2.36 by Nicolas Coolman (2016/03/02)
~ Run by Dylan Chase (Administrator)  (04/03/2016 17:18:06)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Dylan Chase\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Dylan Chase\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 84372
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 00h02mn19s
===================
ZHPCleaner-[S]-04032016-17_20_25.txt
 
 
I've attached the other two logs as attachments

 




#8 olgun52

  • Malware Response Team

Posted 05 March 2016 - 07:16 PM

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Step 3:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===============================================================

How is the machine running now, and are there any issues? Please let me know.

 


Best regards
 

 


 


#9 ericgerard

ericgerard
  • Topic Starter

Posted 09 March 2016 - 09:35 PM

Thank you so much for your help. My computer is cleaned. I haven't had a browser redirect episode for several days now!

 

Cheers



#10 olgun52

  • Malware Response Team

Posted 10 March 2016 - 06:08 PM

I'm glad the problem is solved. Don't you want to continue?


Best regards
 

 


 




