Inactive-A GVU Trojaner

Discussion in 'Malware and Virus Removal Archive' started by Durtn, 2013/09/02.

Thread Status:
Not open for further replies.
  1. 2013/09/02
    Durtn

    Durtn Inactive Thread Starter

    Joined:
    2013/09/01
    Messages:
    7
    Likes Received:
    0
    [Inactive-A] GVU Trojaner

    Hello,

    I've got the same problem as the guy you helped at this link:


    [Resolved] windows 7 boots to black screen with CMD boxed window

    So I need to ask you if that works with my PC as well. I had some malware called GVU Trojaner (from kinox.to). I have Windows 7 Ultimate and the same black screen cmd box problem. We used an emergency CD which got rid of the virus. But now we start the PC and just the cmd box appears.

    So just tell me if I can go the same way, PLEASE... Would be nice to hear from you.
    Thanks and Greetz

    Durtn
     
  4. 2013/09/02
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    No.

    Read this post as indicated at the top of this forum & follow the instructions.
     
  5. 2013/09/02
    Durtn

    Durtn Inactive Thread Starter

    Joined:
    2013/09/01
    Messages:
    7
    Likes Received:
    0
    What? Sorry, I don't get it---
     
  6. 2013/09/02
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    There's nothing to get. Click the link & follow the information posted.
     
  7. 2013/09/02
    Durtn

    Durtn Inactive Thread Starter

    Joined:
    2013/09/01
    Messages:
    7
    Likes Received:
    0
    So I read it and now I am making a new post with all the information. I cannot get into my desktop to update my antivirus, but I have the newest Bitdefender. If I start my computer, the black box called "Administrator:cmd.exe" appears and it says:
    Microsoft Windows [Version 6.1.7601]
    Copyright <c> 2009 Microsoft Corporation. Alle Rechte vorbehalten

    C:\Windows\system32>

    I could open Bitdefender by restarting my computer and pressing Tab.
    A window appears where I can start my Windows 7 or choose Tools:
    Bitdefender Rescue Mode
    Windows-Speicherdiagnose

    By pressing F8 I can go to the Erweiterte Startoption.
    Computer repair etc.

    I had the virus called GVU Trojaner, which wanted me to pay 100 Euro to make it go away (which I, of course, didn't do). I downloaded an emergency CD and booted it. It scanned my PC and got rid of the malware. But now, as I said, just the black cmd box appears.

    If you tell me to, I'll post this in a new topic. I don't know much about all this stuff, so please be patient and explain really simply. Thanks... (I'm from Germany, by the way ;)) Durtn
     
  8. 2013/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    I'm not sure if I'm reading your posts correctly.
    Are you saying that you're not able to boot to your Desktop in normal or safe mode?
     
  9. 2013/09/02
    Durtn

    Durtn Inactive Thread Starter

    Joined:
    2013/09/01
    Messages:
    7
    Likes Received:
    0
    not able to boot to my Desktop in normal or safe mode

    Hi Broni,

    Yes, that's correct. I'm not able to boot to my Desktop in normal or safe mode. A black screen appears and the Administrator:cmd.exe box.

    I thought I could go the same way as the guy you helped. So I send you the FRST.txt report and stuff like that... is that possible??

    Greetings
    Durtn
     
  10. 2013/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    NOTE 1. Use another working computer to download following tool.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  11. 2013/09/02
    Durtn

    Durtn Inactive Thread Starter

    Joined:
    2013/09/01
    Messages:
    7
    Likes Received:
    0
    Okay... Thanks. So this is the FRST.txt report.

    ----------------------------------------------------

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
    Ran by SYSTEM on 02-09-2013 21:39:42
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: German Standard
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [BDAgent] - C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe [1091200 2013-01-05] (Bitdefender)
    HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2009-06-30] ()
    HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [5516800 2009-10-20] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
    HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [548864 2008-10-01] (BL)
    HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
    HKLM-x32\...\Run: [DigidesignMMERefresh] - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-16] (Avid Technology, Inc.)
    HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
    HKU\Majer\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
    HKU\Majer\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-15] (Google Inc.)
    HKU\Majer\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
    HKU\Majer\...\Command Processor: <===== ATTENTION!
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll [21504 2013-06-18] ()
    AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll [7168 2013-04-09] ()
    Startup: C:\Users\Majer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) =================

    S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
    S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
    S4 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3178496 2013-06-18] (Bandoo Media Inc.)
    S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-16] (Avid Technology, Inc.)
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
    S3 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [75384 2012-09-24] (Bitdefender)
    S3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2011-10-14] (BitDefender)
    S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [67904 2012-09-24] (Bitdefender)
    S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe [1957912 2013-01-05] (Bitdefender)

    ==================== Drivers (Whitelisted) ====================

    S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
    S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
    S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [705552 2013-01-05] (BitDefender)
    S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2013-01-05] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [587024 2013-01-05] (BitDefender)
    S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
    S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-09-24] (BitDefender LLC)
    S0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2011-08-16] (BitDefender)
    S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
    S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2011-11-17] (BitDefender SRL)
    S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [103944 2010-01-19] (BitDefender)
    S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-18] (Avid, Inc. All rights reserved.)
    S3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [192528 2010-06-22] (Avid Technology, Inc.)
    S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [59224 2011-10-13] (Focusrite Audio Engineering Limited.)
    S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
    S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
    S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
    S3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [31120 2010-06-22] (Avid Technology, Inc.)
    S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-18] (Avid, Inc. All rights reserved.)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2011-10-27] (BitDefender S.R.L.)
    S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [48200 2009-08-04] (Yamaha Corporation)
    S3 swmidi;
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-30 15:06 - 2013-08-30 20:37 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
    2013-08-29 17:57 - 2013-08-29 17:57 - 00000000 __SHD C:\found.001
    2013-08-28 20:18 - 2013-08-28 20:18 - 00000000 __SHD C:\found.000
    2013-08-28 20:11 - 2013-08-28 20:11 - 00000000 ____D C:\FRST
    2013-08-27 17:17 - 2013-08-27 17:17 - 00163082 _____ C:\Users\Majer\AppData\Roaming\2433f433
    2013-08-27 17:17 - 2013-08-27 17:17 - 00163033 _____ C:\Users\Majer\AppData\Local\2433f433
    2013-08-27 17:17 - 2013-08-27 17:17 - 00163011 _____ C:\ProgramData\2433f433
    2013-08-20 17:19 - 2013-08-20 17:41 - 00000000 ____D C:\Geburtstag
    2013-08-15 12:51 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-08-15 12:51 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-08-15 12:51 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-08-15 12:51 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-08-15 12:51 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-08-15 12:51 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-08-15 12:51 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-08-15 12:51 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-08-15 12:51 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-08-15 12:51 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-08-15 12:51 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-08-15 12:51 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-08-15 12:51 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-15 12:51 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-08-15 12:48 - 2013-08-15 12:49 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-14 22:30 - 2013-08-20 20:09 - 00000000 ____D C:\Entertainment (traumland)
    2013-08-14 21:13 - 2013-08-14 21:14 - 25979932 _____ C:\Users\Majer\Downloads\Intro_Es Pumpt duch die Adern.wav
    2013-08-14 21:10 - 2013-08-14 21:10 - 00013708 _____ C:\Users\Majer\Desktop\slaughter house.odt
    2013-08-14 17:15 - 2013-08-14 17:15 - 00007334 _____ C:\Users\Majer\Desktop\OpenDocument Text (neu) (7).odt
    2013-08-14 16:02 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-08-14 16:02 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-08-14 16:02 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-08-14 16:02 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-08-14 16:02 - 2013-07-09 07:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-08-14 16:02 - 2013-07-09 06:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-08-14 16:02 - 2013-07-09 06:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-08-14 16:02 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-08-14 16:02 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2013-08-14 16:02 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-08-14 16:02 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-08-14 16:02 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-08-14 16:02 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-08-14 16:02 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-08-14 16:02 - 2013-07-09 05:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-08-14 16:02 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2013-08-14 16:02 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-08-14 16:02 - 2013-07-09 05:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-08-14 16:02 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-08-14 16:02 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-08-14 16:02 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-08-14 16:02 - 2013-07-09 03:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-08-14 16:02 - 2013-07-09 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-08-14 16:02 - 2013-07-09 03:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-08-14 16:02 - 2013-07-09 03:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-08-14 16:02 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-08-14 16:02 - 2013-06-15 05:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2013-08-14 16:02 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
    2013-08-13 23:19 - 2013-08-18 23:20 - 00002461 _____ C:\Users\Majer\Desktop\Sexappeal.txt
    2013-08-08 04:37 - 2010-04-18 13:24 - 39579688 _____ C:\Users\Majer\Desktop\04 Spur 4.wav
    2013-08-08 04:37 - 2010-04-18 13:24 - 27713848 _____ C:\Users\Majer\Desktop\03 Spur 3.wav
    2013-08-08 04:37 - 2010-04-18 13:23 - 28287736 _____ C:\Users\Majer\Desktop\02 Spur 2.wav

    ==================== One Month Modified Files and Folders =======

    2013-09-02 20:28 - 2013-04-08 21:16 - 00046223 _____ C:\Windows\setupact.log
    2013-09-02 20:28 - 2011-08-29 16:30 - 00000374 _____ C:\Windows\System32\Drivers\etc\hosts.ics
    2013-09-02 20:28 - 2010-09-15 09:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-09-02 20:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-09-02 14:46 - 2010-09-14 12:10 - 01720737 _____ C:\Windows\WindowsUpdate.log
    2013-09-02 14:40 - 2010-09-15 09:26 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-09-02 14:35 - 2009-07-14 05:45 - 00013408 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-09-02 14:35 - 2009-07-14 05:45 - 00013408 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-09-01 23:24 - 2012-04-01 09:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-30 20:37 - 2013-08-30 15:06 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
    2013-08-30 18:50 - 2012-04-17 16:36 - 00000376 _____ C:\Users\Majer\AppData\Roamingprivacy.xml
    2013-08-30 16:51 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-08-29 17:57 - 2013-08-29 17:57 - 00000000 __SHD C:\found.001
    2013-08-28 21:13 - 2009-07-14 05:45 - 00015360 _____ C:\Windows\System32\umstartup.etl
    2013-08-28 20:18 - 2013-08-28 20:18 - 00000000 __SHD C:\found.000
    2013-08-28 20:11 - 2013-08-28 20:11 - 00000000 ____D C:\FRST
    2013-08-27 17:22 - 2013-04-08 21:16 - 00004468 _____ C:\Windows\PFRO.log
    2013-08-27 17:17 - 2013-08-27 17:17 - 00163082 _____ C:\Users\Majer\AppData\Roaming\2433f433
    2013-08-27 17:17 - 2013-08-27 17:17 - 00163033 _____ C:\Users\Majer\AppData\Local\2433f433
    2013-08-27 17:17 - 2013-08-27 17:17 - 00163011 _____ C:\ProgramData\2433f433
    2013-08-27 17:08 - 2012-06-21 13:16 - 00000000 ___RD C:\Users\Majer\Dropbox
    2013-08-27 17:08 - 2012-06-21 12:13 - 00000000 ____D C:\Users\Majer\AppData\Roaming\Dropbox
    2013-08-27 17:08 - 2010-09-15 10:53 - 00000300 _____ C:\Windows\lgfwup.ini
    2013-08-27 17:08 - 2010-09-15 10:53 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
    2013-08-27 17:06 - 2010-09-15 22:49 - 00000000 ____D C:\Users\Majer\AppData\Roaming\Digidesign
    2013-08-27 15:04 - 2010-09-27 13:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{847E6A18-EBA3-412B-AE39-19D4FAAEC627}
    2013-08-20 20:40 - 2010-09-24 17:27 - 00000000 ____D C:\Users\Majer\AppData\Roaming\Winamp
    2013-08-20 20:09 - 2013-08-14 22:30 - 00000000 ____D C:\Entertainment (traumland)
    2013-08-20 17:41 - 2013-08-20 17:19 - 00000000 ____D C:\Geburtstag
    2013-08-20 09:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-08-18 23:20 - 2013-08-13 23:19 - 00002461 _____ C:\Users\Majer\Desktop\Sexappeal.txt
    2013-08-15 12:49 - 2013-08-15 12:48 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-15 12:48 - 2010-09-18 06:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-08-14 21:14 - 2013-08-14 21:13 - 25979932 _____ C:\Users\Majer\Downloads\Intro_Es Pumpt duch die Adern.wav
    2013-08-14 21:10 - 2013-08-14 21:10 - 00013708 _____ C:\Users\Majer\Desktop\slaughter house.odt
    2013-08-14 20:15 - 2012-04-06 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
    2013-08-14 17:15 - 2013-08-14 17:15 - 00007334 _____ C:\Users\Majer\Desktop\OpenDocument Text (neu) (7).odt
    2013-08-08 03:31 - 2013-06-21 15:54 - 00000000 ____D C:\Users\Majer\AppData\Roaming\WebCake

    Files to move or delete:
    ====================
    C:\Users\Majer\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Majer\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Majer\AppData\Local\Temp\htmlayout.dll
    C:\Users\Majer\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Majer\AppData\Local\Temp\propsys.dll
    C:\Users\Majer\AppData\Local\Temp\toolbar7893666.exe
    C:\Users\Majer\AppData\Local\Temp\toolbar7893978.exe
    C:\Users\Majer\AppData\Local\Temp\toolbar7912105.exe
    C:\Users\Majer\AppData\Local\Temp\uninstall292423.exe
    C:\Users\Majer\AppData\Local\Temp\uninstall292470.exe
    C:\Users\Majer\AppData\Local\Temp\uninstall292486.exe
    C:\Users\Majer\AppData\Local\Temp\WLZDF86.tmp\CddbLangDE.dll
    C:\Users\Majer\AppData\Local\Temp\updE725\BabScheduler2000201.exe
    C:\Users\Majer\AppData\Local\Temp\Rar$EX00.015\Service Center 2.2.5 Setup PC.exe
    C:\Users\Majer\AppData\Local\Temp\busC754\BUSolution.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BabMaint.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BExternal.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BUSolForMontiera.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BUSolution.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\ccp.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\ChromeToolbarSetup.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\CrxInstaller.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\GUninstaller.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\IEHelper.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\MntrDLLInstall.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\MyDeltaTB.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\Setup.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\sqlite3.dll

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 6135.12 MB
    Available physical RAM: 5395.3 MB
    Total Pagefile: 6133.27 MB
    Available Pagefile: 5380.12 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:59.53 GB) (Free:0.09 GB) NTFS
    Drive e: (KRD10) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
    Drive f: () (Removable) (Total:3.75 GB) (Free:3.74 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: C6E322CD)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=4 GB) - (Type=0B)


    LastRegBack: 2013-09-01 21:40

    ==================== End Of Log ============================
     
  12. 2013/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     

  13. 2013/09/03
    Durtn

    Durtn Inactive Thread Starter

    Joined:
    2013/09/01
    Messages:
    7
    Likes Received:
    0
    It worked... you are the greatest. Thanks from all of us... here is the fixlog.txt

    ---------------------------------

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
    Ran by SYSTEM at 2013-09-03 14:51:23 Run:1
    Running from F:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    HKU\Majer\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
    HKU\Majer\...\Command Processor: <===== ATTENTION!
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll [21504 2013-06-18] ()
    AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll [7168 2013-04-09] ()
    S4 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3178496 2013-06-18] (Bandoo Media Inc.)
    C:\Program Files (x86)\Music Toolbar
    C:\Users\Majer\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Majer\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Majer\AppData\Local\Temp\htmlayout.dll
    C:\Users\Majer\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Majer\AppData\Local\Temp\propsys.dll
    C:\Users\Majer\AppData\Local\Temp\toolbar7893666.exe
    C:\Users\Majer\AppData\Local\Temp\toolbar7893978.exe
    C:\Users\Majer\AppData\Local\Temp\toolbar7912105.exe
    C:\Users\Majer\AppData\Local\Temp\uninstall292423.exe
    C:\Users\Majer\AppData\Local\Temp\uninstall292470.exe
    C:\Users\Majer\AppData\Local\Temp\uninstall292486.exe
    C:\Users\Majer\AppData\Local\Temp\WLZDF86.tmp\CddbLangDE.dll
    C:\Users\Majer\AppData\Local\Temp\updE725\BabScheduler2000201.exe
    C:\Users\Majer\AppData\Local\Temp\Rar$EX00.015\Service Center 2.2.5 Setup PC.exe
    C:\Users\Majer\AppData\Local\Temp\busC754\BUSolution.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BabMaint.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BExternal.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BUSolForMontiera.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BUSolution.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\ccp.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\ChromeToolbarSetup.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\CrxInstaller.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\GUninstaller.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\IEHelper.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\MntrDLLInstall.dll
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\MyDeltaTB.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\Setup.exe
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\sqlite3.dll


    *****************

    HKU\Majer\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
    HKU\Majer\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
    DatamngrCoordinator => Service deleted successfully.
    C:\Program Files (x86)\Music Toolbar => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\htmlayout.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\propsys.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\toolbar7893666.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\toolbar7893978.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\toolbar7912105.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\uninstall292423.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\uninstall292470.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\uninstall292486.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\WLZDF86.tmp\CddbLangDE.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\updE725\BabScheduler2000201.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\Rar$EX00.015\Service Center 2.2.5 Setup PC.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\busC754\BUSolution.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BabMaint.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BExternal.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BUSolForMontiera.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\BUSolution.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\ccp.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\ChromeToolbarSetup.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\CrxInstaller.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\GUninstaller.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\IEHelper.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\MntrDLLInstall.dll => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\MyDeltaTB.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\Setup.exe => Moved successfully.
    C:\Users\Majer\AppData\Local\Temp\1D5B9708-BAB0-7891-B0D9-41F5A3FD2407\Latest\sqlite3.dll => Moved successfully.

    ==== End of Fixlog ====
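
A check one could run on a Fixlog.txt like the one posted above, added here as an example and not part of the original thread or of FRST: it reconciles the file-system paths listed under "Content of fixlist" against the result lines and reports any that did not end in "successfully.". The function name `reconcile`, the shortened sample log and the `example-missing.dll` entry are constructed for illustration.

```python
import re

# Constructed sample in the Fixlog.txt layout shown in the post above
# (shortened; the last fixlist path deliberately has no result line).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKU\Majer\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
C:\Program Files (x86)\Music Toolbar
C:\Users\Majer\AppData\Local\Temp\propsys.dll
C:\Users\Majer\AppData\Local\Temp\example-missing.dll
*****************

HKU\Majer\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
DatamngrCoordinator => Service deleted successfully.
C:\Program Files (x86)\Music Toolbar => Moved successfully.
C:\Users\Majer\AppData\Local\Temp\propsys.dll => Moved successfully.

==== End of Fixlog ====
"""

MARKER = re.compile(r"^\*{5,}$")   # the ***************** delimiter lines
PATH = re.compile(r"^[A-Za-z]:\\")  # fixlist entries that are plain paths

def reconcile(fixlog_text):
    """Return (results, unresolved): the outcome per target, and requested
    file-system paths that lack a '... successfully.' result line."""
    requested, results, section = [], {}, "header"
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if MARKER.match(line):
            # First marker opens the fixlist echo, the second closes it.
            section = "fixlist" if section == "header" else "results"
        elif section == "fixlist" and PATH.match(line):
            requested.append(line)
        elif section == "results" and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results[target] = outcome
    unresolved = [p for p in requested
                  if not results.get(p, "").endswith("successfully.")]
    return results, unresolved

if __name__ == "__main__":
    results, unresolved = reconcile(SAMPLE_FIXLOG)
    for target, outcome in results.items():
        print(f"{outcome:32} {target}")
    print("Unresolved paths:", unresolved or "none")
```

Registry and service entries are echoed in abbreviated form in the fixlist, so this sketch reconciles only plain paths and simply records the registry and service outcomes.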
     
  14. 2013/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Please, complete all steps listed HERE
     
  15. 2013/09/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  16. 2013/09/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     