
Hitman Pro needed to complete getting rid of startpageing123 but trial expired


  • This topic is locked
6 replies to this topic

#1 andreasi

andreasi

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 17 March 2017 - 05:23 PM

Hey, does anyone know what I should do? Basically, I've completed all the steps from "How to remove startpageing123 browser hacker", and the last step was to run Hitman Pro. Unfortunately, I have already used the program previously and completed the trial, which means I can't complete the process without buying Hitman Pro, for which I don't have the money.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 18 March 2017 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 andreasi

andreasi
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 18 March 2017 - 02:40 PM


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by nanna (administrator) on DESKTOP-0DTSODI (18-03-2017 21:32:15)
Running from C:\Users\nanna\Downloads
Loaded Profiles: nanna (Available Profiles: nanna)
Platform: Windows 10 Home Version 1607 (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\ws.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 8\crash-handler-ws.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Spotify Ltd) C:\Users\nanna\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSPanel.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-21] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\ASUSWSLoader.exe [63272 2015-10-22] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-434370836-2680405139-1572276887-1001\...\Run: [Spotify Web Helper] => C:\Users\nanna\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-17] (Spotify Ltd)
HKU\S-1-5-21-434370836-2680405139-1572276887-1001\...\Run: [Spotify] => C:\Users\nanna\AppData\Roaming\Spotify\Spotify.exe [7089776 2017-03-17] (Spotify Ltd)
ShellExecuteHooks: No Name - {83E6080A-DE2B-11E6-82B8-64006A5CFC35} - C:\Users\nanna\AppData\Roaming\Zifuthergcisy\Jqaghchadosy.dll -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-03-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicyUsers\S-1-5-21-434370836-2680405139-1572276887-1001\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{2234c145-86e1-4238-9313-b4533da43035}: [DhcpNameServer] 192.168.120.1
Tcpip\..\Interfaces\{fcd98831-0c5c-41d0-827f-25b76e174fb8}: [DhcpNameServer] 192.168.137.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-434370836-2680405139-1572276887-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fi-fi/?ocid=iehp
SearchScopes: HKU\S-1-5-21-434370836-2680405139-1572276887-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-434370836-2680405139-1572276887-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-434370836-2680405139-1572276887-1001 -> hxxp://www.google.com
FireFox:
========
FF DefaultProfile: ez81rtec.default
FF ProfilePath: C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default [2017-03-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ez81rtec.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ez81rtec.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\ez81rtec.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Emoji Keyboard) - C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default\Extensions\@emojikeyboard.xpi [2017-01-22]
FF Extension: (New XKit) - C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default\Extensions\@new-xkit.xpi [2017-01-22]
FF Extension: (Tumblr Savior) - C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2017-01-26]
FF Extension: (Pin It button) - C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2017-01-26]
FF Extension: (uBlock Origin) - C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-25]
FF Extension: (YouTube High Definition) - C:\Users\nanna\AppData\Roaming\Mozilla\Firefox\Profiles\ez81rtec.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-01-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe [75264 2015-10-22] (ASUS Cloud Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-12-04] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-08-26] (LULU SOFTWARE LIMITED)
R2 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-08-26] (LULU SOFTWARE LIMITED)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
S2 Chadatainreaqusy; C:\Program Files (x86)\Relgregeck\Versuyrpr.dll [X]
S2 HaaliKingsoft; rundll32.exe "C:\Program Files (x86)\Kingsoft\HaaliKingsoft.dll",soeasy [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-12-18] (ASUS Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-17] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32152 2017-03-17] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-22] (REALiX™)
S3 iai2ce; C:\WINDOWS\System32\drivers\iai2ce.sys [90112 2015-07-07] (Intel® Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7390816 2016-05-27] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-18] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [611080 2015-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-17] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-18 21:32 - 2017-03-18 21:33 - 00028198 _____ C:\Users\nanna\Downloads\FRST.txt
2017-03-18 21:32 - 2017-03-18 21:32 - 00000000 ____D C:\FRST
2017-03-18 21:31 - 2017-03-18 21:31 - 02424832 _____ (Farbar) C:\Users\nanna\Downloads\FRST64.exe
2017-03-18 21:30 - 2017-03-18 21:31 - 01766912 _____ (Farbar) C:\Users\nanna\Downloads\FRST.exe
2017-03-18 00:39 - 2017-03-18 00:39 - 04002104 _____ (Secunia) C:\Users\nanna\Downloads\PSISetup.exe
2017-03-18 00:39 - 2017-03-18 00:39 - 00001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-03-18 00:39 - 2017-03-18 00:39 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-03-17 23:59 - 2017-03-17 23:59 - 00032152 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-17 23:58 - 2017-03-17 23:58 - 09741664 _____ (SurfRight B.V.) C:\Users\nanna\Downloads\HitmanPro_x64 (1).exe
2017-03-17 23:53 - 2017-03-18 21:32 - 00990293 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-17 23:53 - 2017-03-18 21:32 - 00120391 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-17 23:38 - 2017-03-17 23:39 - 04031440 _____ C:\Users\nanna\Downloads\AdwCleaner (1).exe
2017-03-17 23:24 - 2017-03-17 23:25 - 11581544 _____ (SurfRight B.V.) C:\Users\nanna\Downloads\HitmanPro_x64.exe
2017-03-17 23:23 - 2017-03-17 23:23 - 00465536 _____ (Bleeping Computer, LLC) C:\Users\nanna\Downloads\sc-cleaner.exe
2017-03-17 23:23 - 2017-03-17 23:23 - 00005798 _____ C:\Users\nanna\Desktop\sc-cleaner.txt
2017-03-17 23:23 - 2017-03-17 23:23 - 00000000 ____D C:\Users\nanna\Desktop\sc-cleaner
2017-03-17 23:22 - 2017-03-17 23:51 - 00000000 ____D C:\AdwCleaner
2017-03-17 23:22 - 2017-03-17 23:22 - 04031440 _____ C:\Users\nanna\Downloads\AdwCleaner.exe
2017-03-17 23:20 - 2017-03-17 23:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-17 23:20 - 2017-03-17 23:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-17 23:20 - 2017-03-17 23:20 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-17 23:20 - 2017-03-17 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-17 23:20 - 2017-03-17 23:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-17 23:19 - 2017-03-17 23:19 - 05755024 _____ (Zemana Ltd. ) C:\Users\nanna\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-17 23:19 - 2017-03-17 23:19 - 00000000 ____D C:\Users\nanna\AppData\Local\Zemana
2017-03-17 23:15 - 2017-03-17 23:18 - 00003912 _____ C:\Users\nanna\Desktop\Rkill.txt
2017-03-17 23:15 - 2017-03-17 23:15 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\nanna\Downloads\rkill.exe
2017-03-17 23:15 - 2017-03-17 23:15 - 00000000 ____D C:\Users\nanna\Desktop\rkill
2017-03-17 21:26 - 2017-03-18 17:10 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-17 21:26 - 2017-03-18 02:13 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-17 21:26 - 2017-03-18 02:13 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-17 21:26 - 2017-03-18 02:13 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-17 21:25 - 2017-03-18 02:13 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-17 21:25 - 2017-03-17 21:25 - 00001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-17 21:25 - 2017-03-17 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-17 21:25 - 2017-03-17 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 21:25 - 2017-03-17 21:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 21:25 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-17 21:24 - 2017-03-17 21:25 - 57131432 _____ (Malwarebytes ) C:\Users\nanna\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-17 15:44 - 2017-03-17 15:44 - 00000000 ____D C:\Program Files (x86)\58CBE857_cacayima
2017-03-17 15:44 - 2017-03-17 15:44 - 00000000 ____D C:\Program Files (x86)\58CBE82D_cacayima
2017-03-17 15:43 - 2017-03-17 15:43 - 00000000 ____D C:\Program Files (x86)\58CBE7F4_cacayima
2017-03-16 23:18 - 2017-03-16 23:18 - 00000000 ____D C:\Program Files (x86)\58CB0126_cacayima
2017-03-16 23:17 - 2017-03-17 21:30 - 00000000 ____D C:\Program Files\wwchromek4
2017-03-16 01:09 - 2017-03-16 01:09 - 00000000 ____D C:\Users\nanna\AppData\Local\Tempzxpsignee42c8a5bf6e0df8
2017-03-16 01:09 - 2017-03-16 01:09 - 00000000 ____D C:\Users\nanna\AppData\Local\Tempzxpsigndd4cf38b0745b6d7
2017-03-15 21:02 - 2017-03-15 21:02 - 00000000 ____D C:\Program Files (x86)\58C98FDE_cacayima
2017-03-15 21:01 - 2017-03-17 23:36 - 00000104 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-15 21:01 - 2017-03-16 23:18 - 00002001 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-15 21:01 - 2017-03-15 21:01 - 00000000 ____D C:\Program Files (x86)\58C98F9B_cacayima
2017-03-14 15:54 - 2017-03-14 15:54 - 00000000 ____D C:\Program Files (x86)\58C7F604_cacayima
2017-03-14 15:53 - 2017-03-17 13:42 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-13 16:25 - 2017-03-13 16:25 - 00000000 ____D C:\Program Files (x86)\58C6ABBF_cacayima
2017-03-10 14:56 - 2017-03-10 14:56 - 00000000 ____D C:\Program Files (x86)\58C2A292_cacayima
2017-03-09 21:31 - 2017-03-09 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-09 16:09 - 2017-03-17 15:44 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-03-09 16:09 - 2017-03-09 16:09 - 00000000 ____D C:\Program Files (x86)\58C16237_cacayima
2017-03-08 16:17 - 2017-03-08 16:17 - 00000000 ____D C:\Program Files (x86)\58C0126B_cacayima
2017-03-07 20:06 - 2017-03-07 20:06 - 00000000 ____D C:\Program Files (x86)\58BEF689_cacayima
2017-03-06 22:50 - 2017-03-06 22:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-02 15:16 - 2017-03-02 15:16 - 01129376 _____ (Google Inc.) C:\Users\nanna\Downloads\ChromeSetup (1).exe
2017-03-02 13:56 - 2017-03-02 13:59 - 145223960 _____ (Microsoft Corporation) C:\Users\nanna\Downloads\msert.exe
2017-03-01 17:04 - 2017-03-17 23:00 - 00002060 _____ C:\Users\nanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 17:04 - 2017-03-17 23:00 - 00001940 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-03-01 17:04 - 2017-03-17 15:45 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-01 17:04 - 2017-03-17 15:45 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-02-17 20:07 - 2017-02-17 20:07 - 00447415 _____ C:\Users\nanna\Downloads\3cNPBjNk.htm
2017-02-17 10:56 - 2017-03-17 23:51 - 00000000 ____D C:\WINDOWS\system32\log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-18 21:27 - 2016-10-21 02:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-18 18:26 - 2016-10-01 20:03 - 00000184 _____ C:\Users\nanna\AppData\Roaming\sp_data.sys
2017-03-18 02:20 - 2016-07-17 00:10 - 01447784 _____ C:\WINDOWS\system32\perfh00B.dat
2017-03-18 02:20 - 2016-07-17 00:10 - 00389200 _____ C:\WINDOWS\system32\perfc00B.dat
2017-03-18 02:20 - 2015-12-04 18:16 - 03465788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-18 02:15 - 2017-01-27 15:46 - 00000000 ___RD C:\Users\nanna\Creative Cloud Files
2017-03-18 02:15 - 2017-01-27 15:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-18 02:15 - 2017-01-27 15:28 - 00000000 ____D C:\Users\nanna\AppData\Local\Adobe
2017-03-18 02:15 - 2016-10-01 21:24 - 00000000 ___RD C:\Users\nanna\Dropbox
2017-03-18 02:14 - 2016-10-02 14:40 - 00000000 ____D C:\Users\nanna\AppData\Roaming\Spotify
2017-03-18 02:14 - 2016-10-02 14:40 - 00000000 ____D C:\Users\nanna\AppData\Local\Spotify
2017-03-18 02:14 - 2016-10-01 20:07 - 00000000 ___RD C:\Users\nanna\OneDrive
2017-03-18 02:13 - 2016-10-21 02:25 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-18 02:13 - 2016-10-01 20:02 - 00000000 __SHD C:\Users\nanna\IntelGraphicsProfiles
2017-03-18 02:12 - 2016-10-21 02:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-18 02:07 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-17 23:54 - 2016-10-21 02:28 - 00000000 ____D C:\Users\nanna
2017-03-17 23:52 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-17 23:36 - 2017-02-04 23:29 - 00000104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 23:24 - 2017-01-22 14:38 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-17 23:00 - 2017-01-22 04:09 - 00001995 _____ C:\Users\Public\Desktop\VideoStudio X9 Training.lnk
2017-03-17 23:00 - 2016-10-01 20:33 - 00002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-17 21:30 - 2017-01-22 12:27 - 00000000 ____D C:\Users\nanna\AppData\Roaming\Zifuthergcisy
2017-03-16 19:39 - 2017-02-09 12:10 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-03-16 19:39 - 2017-02-09 12:09 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-03-14 18:49 - 2016-10-01 20:18 - 00000000 ____D C:\Users\nanna\AppData\Local\Google
2017-03-14 18:47 - 2016-11-30 20:23 - 00000000 ____D C:\Users\nanna\AppData\LocalLow\Mozilla
2017-03-14 18:45 - 2016-10-01 20:18 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-14 16:26 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-14 14:46 - 2017-01-22 22:31 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-14 14:46 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-14 14:46 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-09 23:15 - 2016-10-01 21:21 - 00000000 ____D C:\Users\nanna\AppData\Local\Dropbox
2017-03-09 21:32 - 2015-12-04 18:28 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-04 14:37 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-04 01:28 - 2017-01-22 20:47 - 00006242 _____ C:\Users\nanna\Documents\starburn.txt
2017-03-04 00:32 - 2016-12-17 15:59 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-04 00:32 - 2016-10-01 20:07 - 00002389 _____ C:\Users\nanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 15:14 - 2017-01-22 12:26 - 00000000 ____D C:\Users\nanna\Documents\Corel_VideoStudio_Pro_X9_Keygen_Free_Download
2017-03-02 13:41 - 2017-01-22 15:07 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-02 13:41 - 2017-01-22 14:11 - 00000000 ____D C:\Users\nanna\AppData\Local\AvgSetupLog
2017-03-02 13:41 - 2017-01-22 12:29 - 00000000 ____D C:\ProgramData\Avg
2017-03-01 21:39 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 11:52 - 2016-10-21 02:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-02-22 11:52 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-22 11:52 - 2015-12-04 18:23 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-02-21 18:51 - 2017-02-09 17:09 - 00000212 _____ C:\Program Files (x86)\metadata
2017-02-17 00:49 - 2017-01-22 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
==================== Files in the root of some directories =======
2017-02-09 17:09 - 2017-02-21 18:51 - 0000212 _____ () C:\Program Files (x86)\metadata
2016-11-13 02:12 - 2017-01-26 22:00 - 0000132 _____ () C:\Users\nanna\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-01 20:03 - 2017-03-18 18:26 - 0000184 _____ () C:\Users\nanna\AppData\Roaming\sp_data.sys
2017-01-11 15:24 - 2017-01-11 15:24 - 0001456 _____ () C:\Users\nanna\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-21 02:26 - 2016-10-21 02:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-03-02 13:42 - 2017-01-22 14:38 - 11581544 _____ (SurfRight B.V.) C:\Users\nanna\AppData\Local\Temp\HitmanPro.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-16 22:37
==================== End of FRST.txt ============================


#4 nasdaq

Posted 19 March 2017 - 08:15 AM

Hi,

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC) <==== ATTENTION
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
WinSnare (HKLM-x32\...\{FC5A2575-5D95-4466-A08A-8908998E49D0}) (Version: 4.3.3 - WinSnare) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellExecuteHooks: No Name - {83E6080A-DE2B-11E6-82B8-64006A5CFC35} - C:\Users\nanna\AppData\Roaming\Zifuthergcisy\Jqaghchadosy.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicyUsers\S-1-5-21-434370836-2680405139-1572276887-1001\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-434370836-2680405139-1572276887-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ez81rtec.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ez81rtec.default -> youndoo
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
S2 Chadatainreaqusy; C:\Program Files (x86)\Relgregeck\Versuyrpr.dll [X]
S2 HaaliKingsoft; rundll32.exe "C:\Program Files (x86)\Kingsoft\HaaliKingsoft.dll",soeasy [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X]
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists in MS Edge, clean the cache.
Microsoft Edge: How to Clear Browser History and Cache
http://acer--uk.custhelp.com/app/answers/detail/a_id/38047/~/microsoft-edge%3A-how-to-clear-browser-history-and-cache

===

Please let me know what problem persists with this computer.

p.s.

You have many mfpmp.exe processes running.
C:\Windows\System32\mfpmp.exe
If you are experiencing problems, have a look at this article.
https://www.howtogeek.com/forum/topic/what-is-the-process-mfpmpexe
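
The two driver lines in the fixlist above (`aswVmm` and `dbx`) are copied from the scan log, where FRST tagged them `no ImagePath` and `[X]`. The following Python is an added example, not part of the thread and not FRST's own code: it parses such lines and checks a fixlist's service/driver lines against the log. The function names and the `examplesvc` line are made up for illustration, and reading `[X]` as "file not found" is an assumption.

```python
import re
from typing import Dict, List, NamedTuple, Optional

STATES = {"R": "running", "S": "stopped", "U": "undetermined"}
# Line shape: "<state><start type> <name>; <image path> [<size> <date>] (<company>)"
ENTRY_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s+(.+?)\s*$")
FOUND_RE = re.compile(r"^(.*?)\s+\[(\d+) (\d{4}-\d{2}-\d{2})\]\s+\((.*?)\s*\)$")

# Driver lines copied from the FRST.txt in this thread (Realtek padding shortened).
SAMPLE_LOG = r"""
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-18] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek          )
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-17] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
"""

# The aswVmm and dbx lines are from the fixlist in the post; the ZAM and
# examplesvc lines are constructed to show the cases a reviewer wants flagged.
SAMPLE_FIXLIST = r"""
Start
CreateRestorePoint:
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-17] (Zemana Ltd.)
S3 examplesvc; C:\example\example.sys [X]
Reboot:
End
"""


class Entry(NamedTuple):
    raw: str
    state: str
    start: int
    name: str
    path: Optional[str]
    problem: Optional[str]  # None when the log shows size, date and company


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other text."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    state, start, name, rest = m.groups()
    if rest == "no ImagePath":
        path, problem = None, "no ImagePath"
    elif rest.endswith("[X]"):  # assumption: [X] = file not found on disk
        path, problem = rest[:-3].strip(), "file not found"
    else:
        found = FOUND_RE.match(rest)
        if not found:
            return None
        path, problem = found.group(1), None
    return Entry(line, STATES[state], int(start), name.strip(), path, problem)


def orphaned(log: str) -> List[Entry]:
    """Entries whose registry key survives but whose file does not."""
    entries = (parse_entry(l) for l in log.splitlines())
    return [e for e in entries if e and e.problem]


def review_fixlist(fixlist: str, log: str) -> Dict[str, List[str]]:
    """Classify each service/driver line of a fixlist against the scan log."""
    log_lines = {l.strip() for l in log.splitlines()}
    report: Dict[str, List[str]] = {"orphan_in_log": [], "not_in_log": [], "file_present": []}
    for line in fixlist.splitlines():
        e = parse_entry(line)
        if e is None:
            continue  # directives and non-driver entries are out of scope here
        if e.raw not in log_lines:
            report["not_in_log"].append(e.name)      # not taken from this machine's log
        elif e.problem:
            report["orphan_in_log"].append(e.name)   # leftover registry entry
        else:
            report["file_present"].append(e.name)    # would remove a driver that exists
    return report
```
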

#5 andreasi

Posted 19 March 2017 - 04:34 PM

Okay so first things first, I was able to only delete WinSnare but not the two others. They gave me an error message that said, "The path cannot be found. Verify that you have access to this location and try again, or try to find the installation package amule.msi in a folder from which you can install the product amulesw" and I'm not sure how to follow the instructions given? I searched for amulesw but couldn't find it, and I'm not sure if the message above means that I don't have whatever it is, installed and if so, I don't even know what that means. I'm sorry, I've learned I'm very unaware of the very basics of anything to do with computers.

 

Also, on the note of me not knowing what anything means, I also checked the forum about mfpmp.exe but didn't really understand what actions I should take if any.

 

As for the problems that the virus has caused, here's what I wrote on reddit (from where I was directed onto this forum):

 

"Hi, this is my first time asking here so I apologize if I'm doing it wrong. I'm using an Asus EeeBook E502SA 15,6'' with Windows 10.

I'm not entirely sure how long I've had the virus for, but no programs (AVG, Avast, Windows Defender...) that I've tried have been able to detect and/or erase the virus.

When I still had both browsers and used Mozilla Firefox, a cursor would appear on the page wherever I clicked, in a way which one would appear when you click on a text post. The cursor didn't allow me to write but it wouldn't disappear. The browser would also insist that I re-sign in onto my Google account every time that I opened it, but if I didn't log in I'd still appear logged in when opening a new tab. I found this shady enough to only fall for it once.

Whenever I opened either of these two browsers, two icons would appear on the toolbar instead of one; so along with the pinned Firefox icon, another Firefox icon would appear. Same with Chrome.

I have tried deleting and reinstalling both browsers but it didn't work. About once or twice a day Chrome will open up on its own despite me having deleted it, and it will open on a page called startpageing123.com

Also, related or not (though probably so), my toolbar also at times appears "too long", which results in me seeing only half of my clock and date on the bottom right corner of the screen. Double-clicking on the toolbar or clicking on the ^ beside the battery icon solves this issue.

I can use Edge as it doesn't seem to have been infected by the virus but would very much prefer using either Chrome or Firefox. Does anyone know what is going on and if there's a way to get rid of this virus? I'm willing to go as far as to reboot the entire system (as in reinstalling windows 10 and everything) if that's going to solve the problem, but I have no clue how to do that even after trying to Google it. I hope I provided enough information, this is everything I could think of."

 

And although the icons that came with the fake firefox and chrome browsers disappeared, they were replaced by an icon of a computer and another one of a file. I'm afraid to click on either icon in case the virus is still active. Is there a way for me to get rid of them so I can reinstall the actual browsers? When I hover my mouse over the icons they say Chrome and Firefox respectively. Neither Chrome nor Firefox (or the fake versions of them I should say) have opened the startpageing123.com page on their own anymore, so I have no clue whether they're working browsers anymore or not. Working in the sense that the fake browsers were fully functional even after I deleted my actual Chrome and Firefox browsers.

 

This message is probably quite a mess so I hope you can make sense of it. Thank you so much for all the help you've provided so far!


#6 nasdaq

Posted 20 March 2017 - 08:38 AM


Let's concentrate on the current status.
Run this cleaning tool, post the logs and let me know what problems you are experiencing.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#7 nasdaq

Posted 26 March 2017 - 07:25 AM

Are you still with me?



