Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Possible Malware/Adware

This is a discussion on Possible Malware/Adware within the Resolved HJT Threads forums, part of the Tech Support Forum category. I'm running Windows 8.1, and primarily use Google Chrome to access the internet. Sometimes my browser will redirect to a


 
 
Thread Tools Search this Thread
Old 01-05-2017, 12:55 PM   #1
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



I'm running Windows 8.1, and primarily use Google Chrome to access the internet. Sometimes my browser will redirect to a random survey site out of nowhere. I've run a virus scan using AVG and a malware scan using MalwareBytes, but neither have detected or removed the problem.

I was unable to download and run DDS so I downloaded and ran Farberware Recovery and Scan Tool instead, and have attached the two txt files the scan produced.
Attached Files
File Type: txt FRST.txt (50.8 KB, 44 views)
File Type: txt Addition.txt (42.9 KB, 43 views)
Fenway Squid is offline  
Sponsored Links
Advertisement
 
Old 01-06-2017, 08:47 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, AVG and Webroot.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Let me know which one you want to keep, and which you want to uninstall. Don't uninstall either yet, just let me know which you prefer to keep.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-07-2017, 06:41 AM   #3
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



Thanks. For my antivirus I'd prefer to keep AVG, but I'm open to any recommendations. For the log, the first time the program cleaned it shut down in the middle, so it didn't generate a log. I ran a scan and clean a second time, and here's what it gave me. I'll also paste the contents of the S0 txt file, since I think that's what it found on the first scan.

# AdwCleaner v6.042 - Logfile created 07/01/2017 at 09:29:11
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : Ken - KENSLAPTOP
# Running from : C:\Users\Ken\Desktop\adwcleaner_6.042.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Essentware
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol


***** [ Web browsers ] *****

[-] [C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1552 Bytes] - [07/01/2017 09:29:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [6314 Bytes] - [07/01/2017 09:25:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1866 Bytes] - [07/01/2017 09:28:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1771 Bytes] ##########

And here's the text detailing the results of the first scan.

# AdwCleaner v6.042 - Logfile created 07/01/2017 at 09:25:49
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Ken - KENSLAPTOP
# Running from : C:\Users\Ken\Desktop\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: vToolbarUpdater18.1.9


***** [ Folders ] *****

Folder Found: C:\ProgramData\Avg_Update_0116av
Folder Found: C:\ProgramData\Avg_Update_1015av
Folder Found: C:\ProgramData\Avg_Update_1215av
Folder Found: C:\Users\Ken\AppData\Local\pokki
Folder Found: C:\Users\Ken\AppData\Local\Pokki
Folder Found: C:\Users\Ken\Favorites\StumbleUpon
Folder Found: C:\ProgramData\AVG Secure Search
Folder Found: C:\ProgramData\AVG Security Toolbar
Folder Found: C:\ProgramData\Application Data\AVG Secure Search
Folder Found: C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found: C:\Program Files (x86)\AVG Secure Search
Folder Found: C:\Program Files (x86)\w3i
Folder Found: C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found: C:\Users\Default User\AppData\Local\Pokki
Folder Found: C:\Users\Default\AppData\Local\Pokki


***** [ Files ] *****

File Found: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found: HKLM\SOFTWARE\Classes\AppID\{56AD7EEE-D6C0-410E-8A7B-811DEA764554}
Key Found: HKLM\SOFTWARE\Classes\AppID\{E8EB2F1F-661E-4A7F-8F9A-77DEB757A906}
Key Found: HKLM\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\Software\Essentware
Key Found: HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\Software\Pokki
Key Found: HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\Software\AppDataLow\Software\adawarebp
Key Found: HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found: HKCU\Software\Essentware
Key Found: HKCU\Software\Pokki
Key Found: HKCU\Software\AppDataLow\Software\adawarebp
Key Found: HKLM\SOFTWARE\AVG Secure Search
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found: [x64] HKCU\Software\Essentware
Key Found: [x64] HKCU\Software\Pokki
Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp
Key Found: [x64] HKLM\SOFTWARE\Essentware
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [6110 Bytes] - [07/01/2017 09:25:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6183 Bytes] ##########
Fenway Squid is offline  
Sponsored Links
Advertisement
 
Old 01-07-2017, 02:31 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Fenway Squid. Are you familiar with this website:

promotionsandsweeps.com

Let me know.

------------------------------------------------------

You can go ahead and uninstall Webroot via Programs and Features.

Let me know if you successfully uninstalled Webroot.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-08-2017, 07:22 AM   #5
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



Webroot has been successfully uninstalled.

That promotionsandsweeps.com site is one that my browser redirects to, another one is mellowsurvey.com. I'd never visited either one before my browser started redirecting to them.
Fenway Squid is offline  
Old 01-08-2017, 01:59 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenway Squid.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...backup-restore

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [988928 2017-01-05] (Webroot)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\...\MountPoints2: {fbb0d628-3a5d-11e3-8250-806e6f6e6963} - "D:\SETUP.EXE" 
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2013-12-11]
    ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2013-12-11]
    ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    SearchScopes: HKLM -> DefaultScope {69F9CC7F-7290-42E0-AB03-31A7D157D17B} URL = 
    SearchScopes: HKU\S-1-5-21-4023138018-2231344712-2303682215-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2013-12-11] (Webroot)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2014-08-08] (Webroot)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2013-12-11] (Webroot)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-08-08] (Webroot)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2013-12-11] (Webroot)
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2013-12-11] (Webroot)
    FF Keyword.URL: Mozilla\Firefox\Profiles\0mhpghpe.default -> 
    FF Extension: (Webroot Password Manager) - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\0mhpghpe.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-12-29] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [webro[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-08-08] [not signed]
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
    CHR Extension: (Webroot Filtering Extension) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-10-21]
    CHR Extension: (Webroot Password Manager) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-05-04]
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.40.crx [2014-08-08]
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-08-11]
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [988928 2017-01-05] (Webroot)
    R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-01-05] (Webroot)
    2013-08-11 17:07 - 2013-12-11 08:57 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    C:\Program Files\Webroot
    C:\ProgramData\WRData
    HOSTS:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-09-2017, 07:01 AM   #7
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



Okay, I ran it. Here's the fixlog.txt file:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Ken (09-01-2017 00:00:40) Run:1
Running from C:\Users\Ken\Downloads
Loaded Profiles: Ken (Available Profiles: Ken)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
(Webroot) C:\Program Files\Webroot\WRSA.exe
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [988928 2017-01-05] (Webroot)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\...\MountPoints2: {fbb0d628-3a5d-11e3-8250-806e6f6e6963} - "D:\SETUP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2013-12-11]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2013-12-11]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
SearchScopes: HKLM -> DefaultScope {69F9CC7F-7290-42E0-AB03-31A7D157D17B} URL =
SearchScopes: HKU\S-1-5-21-4023138018-2231344712-2303682215-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2013-12-11] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2014-08-08] (Webroot)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2013-12-11] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-08-08] (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2013-12-11] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2013-12-11] (Webroot)
FF Keyword.URL: Mozilla\Firefox\Profiles\0mhpghpe.default ->
FF Extension: (Webroot Password Manager) - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\0mhpghpe.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-12-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-08-08] [not signed]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Extension: (Webroot Filtering Extension) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-10-21]
CHR Extension: (Webroot Password Manager) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-05-04]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.40.crx [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-08-11]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [988928 2017-01-05] (Webroot)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-01-05] (Webroot)
2013-08-11 17:07 - 2013-12-11 08:57 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
C:\Program Files\Webroot
C:\ProgramData\WRData
HOSTS:
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Program Files\Webroot\WRSA.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WRSVC => value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbb0d628-3a5d-11e3-8250-806e6f6e6963} => key removed successfully
HKCR\CLSID\{fbb0d628-3a5d-11e3-8250-806e6f6e6963} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk => not found.
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk => not found.
C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-4023138018-2231344712-2303682215-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found.
HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key not found.
HKCR\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found.
HKCR\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key not found.
HKCR\Wow6432Node\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value not found.
HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value not found.
HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
Firefox "Keyword.URL" removed successfully
C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\0mhpghpe.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value not found.
C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => not found.
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd => not found
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjeghcllfecehndceplomkocgfbklffd => key not found.
"C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.40.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => key not found.
"C:\ProgramData\WRData\pkg\lpchrome.crx" => not found.
WRSVC => service not found.
WRkrn => service not found.
"C:\Program Files (x86)\Common Files\wruninstall.exe" => not found.
C:\Program Files\Webroot => moved successfully
C:\ProgramData\WRData => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60835415 B
Java, Flash, Steam htmlcache => 2443 B
Windows/system/drivers => 96693447 B
Edge => 0 B
Chrome => 429821243 B
Firefox => 288356776 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 230606 B
systemprofile32 => 128 B
LocalService => 539826 B
NetworkService => 0 B
Ken => 1288170449 B

RecycleBin => 3111517 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:10:09 ====
Fenway Squid is offline  
Old 01-09-2017, 07:54 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenway Squid. How is the machine behaving?
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 8 Update 101

These are all outdated, and security risks by having them installed still. Reboot your computer once all those Java components are removed.

Leave this one as it has the latest definitions:

Java 8 Update 111

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-11-2017, 08:07 PM   #9
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



Here's the MBAM log:

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2017-01-10T07:48:57.625791-05:00" source="Manual" type="Update" username="SYSTEM" systemname="KENSLAPTOP" fromVersion="2017.1.5.3" last_modified_tag="b3a9df45-3c18-4efe-8bc3-0ca053f0c0cc" name="Domain Database" toVersion="2017.1.10.6"></record>
<record severity="debug" LoggingEventType="1" datetime="2017-01-10T07:48:59.155971-05:00" source="Manual" type="Update" username="SYSTEM" systemname="KENSLAPTOP" fromVersion="2017.1.5.1" last_modified_tag="f797a54c-0aed-4451-b05b-8d79efeaf32b" name="IP Database" toVersion="2017.1.10.2"></record>
<record severity="debug" LoggingEventType="1" datetime="2017-01-10T07:49:07.671471-05:00" source="Manual" type="Update" username="SYSTEM" systemname="KENSLAPTOP" fromVersion="2017.1.5.5" last_modified_tag="3810d7d4-b96f-4885-98e2-4edcd4e18751" name="Malware Database" toVersion="2017.1.10.5"></record>
<record severity="debug" scantype="threat" LoggingEventType="6" starttime="2017-01-10T07:49:07-05:00" datetime="2017-01-10T12:54:07.703081-05:00" source="Manual" type="Scan" username="SYSTEM" systemname="KENSLAPTOP" last_modified_tag="1c8c687a-738c-4e2f-9493-f379f34b5410" duration="1455" malwaredetections="0" nonmalwaredetections="1" scanresult="completed"></record>
</logs>

Here's the ESET Report:

C:\Users\Ken\Downloads\installer.zip a variant of Win32/InstallCore.ACZ potentially unwanted application

As for system behavior, I haven't seen Google Chrome redirect itself for a few days (that's the only one of my browsers that does it, but both internet explorer and firefox become unresponsive when running adobe flash player so I mainly use Chrome to go online), but I haven't been online much during that time. The redirection has always been sporadic, sometimes it happens after a few minutes and other times I'll go hours at a time without seeing it, so I'm hesitant to call it all better just yet. I'll leave Google Chrome open and see if it redirects and report back. Are there any other scans I should run in the meantime?
Fenway Squid is offline  
Old 01-14-2017, 07:42 AM   #10
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



Update: the same redirection just happened, so not solved yet. Here's the site chrome redirected to:

AT&T Survey

The redirection almost always happens when I'm on the addictinggames.com web site playing mah-jongg. That made me think it was something on that site, but once it even happened when I was reading messages here. I haven't seen it happen on either firefox or internet explorer, but when I use those browsers flash player becomes slow and unresponsive. (That might be a discussion for another thread, though.)
Fenway Squid is offline  
Old 01-14-2017, 08:01 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Fenway Squid. Sorry for the late reply. I've been under the weather.

That wasn't a proper MBAM scan log. Please post the most recent scan log, and save it as a text file, and not an xml file.

Nothing is showing in your logs as far as Chrome. I think it is something with that games site.

See if it happens again with Chrome, but don't go to that site for a few days. Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-15-2017, 04:32 PM   #12
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



No worries, rest and feel better.

I ran another MBAM scan today (0 threats found), here's the log:

<mbam-log>
<header>
<date>2017/01/15 16:22:44 -0500</date>
<logfile>mbam-log-2017-01-15 (16-22-04).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2017.01.15.07</malware-database>
<rootkit-database>v2016.11.20.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>KENSLAPTOP</hostname>
<ip>192.168.1.75</ip>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Ken</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>362076</objects>
<time>1408</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
Fenway Squid is offline  
Old 01-25-2017, 08:56 AM   #13
Registered Member
 
Join Date: Oct 2004
Posts: 18
OS: Windows vista



I think we can call this one solved. I haven't visited addictinggames.com for about a week and haven't had google chrome redirected during that time. Looks like it's something tied to that site.
Fenway Squid is offline  
Old 01-25-2017, 06:27 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-us/w...backup-restore

https://blogs.technet.com/b/keithmaye...poftheday.aspx

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-26-2017, 06:40 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cant Get Rid Of Malware/Adware
I Have Some Malware or Adware On My PC. I Somehow Downloaded Some Program Called CrossBrowse And WebShield. It Also Came With A Bunch Of Little Programs One Of Them Was Named Storm Watch And I Cant Remember The Others Because I Used IObit Uninstaller Instantly. Now I Have Random Pop-up And Web...
kinsouls Resolved HJT Threads 18 06-03-2015 06:52 PM
Malware/Adware on Win7
Have had a few, unwanted annoyances show up the last couple days. Not sure what family has been clicking on. Biggest evidence are two tabs when starting Chrome, "Funmoods" and "Sweetpacks" and evidence of both Sweetpacks and WebCake in running processes. I apologize if I haven't followed...
bmwright Inactive Malware Help Topics 4 06-17-2013 02:13 PM
Malware/Adware - Ads placed on web pages
Hello, I seem to have gotten some sore of computer infection. I know so by the fact that most of the web pages I go to are placed with ads inside of them that aren't actually supposed to be a part of them. Very weird. Seems to slowed down loading as well but could just be my mind playing tricks...
ca4224 Resolved HJT Threads 26 11-16-2012 05:00 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:03 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts