  1. #1

    Artemis Trojan

    McAfee All Access reported Artemis Trojan; a number of files were quarantined then deleted. On subsequent days, Firewall and on-line scans started failing intermittently, then stopped.


    PC does not boot into Windows, basically locked in a loop of reporting corrupted system files; scans run, then report unable to fix issues.


    I have run SFC /scannow numerous times; I have also run SFCFix, report attached.

  2. #2
    Corrine

    Re: Artemis Trojan

    Hi, ot008239.

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
    • List Minidump Files

    Click Go and copy/paste (do not attach) the results (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    Following that, please follow the instructions at Malware Removal Posting Instructions and provide the requested logs.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Artemis Trojan

    Sadly my PC doesn't boot in any Safe Modes, locked into a cycle for automatic repair, which fails.


    From Startup Repair
    Root cause found

    Boot critical file c:\windows\system32\drivers\8b66cd9be5c7a4f2.sys is corrupt
    Last edited by ot008239; 07-22-2015 at 04:04 PM. Reason: ETA

  4. #4
    Corrine

    Re: Artemis Trojan

    Hi, ot008239. Let's give this a try:

    • Download FRST to a USB flash drive.
    • Download FRST64 to a USB flash drive.
    • Plug the USB drive into the infected machine.


    Boot your computer into Recovery Environment

    • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    • Select Repair your computer.
    • Select Language and click Next
    • Enter password (if necessary) and click OK, you should now see the screen below ...




    • Select the Command Prompt option.
    • A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    • Back in the command window ....
      • Type e:/frst.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • FRST will start to run.
        • When the tool opens click Yes to disclaimer.
        • Press Scan button.
        • When finished scanning it will make a log FRST.txt on the flash drive.
    • Close the command window.
    • Boot back into normal mode and post me the FRST.txt log please.



  5. #5

    Re: Artemis Trojan

    Followed the instructions but get the message below even though I can change to the USB drive and files are visible in notepad and command line

    The Subsystem needed to support the image type is not present

  6. #6
    Corrine

    Re: Artemis Trojan

    Since SFC didn't fix the problem, see if Repair will.

    As before, Boot your computer into Recovery Environment

    • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    • Select Repair your computer.
    • Select Language and click Next
    • Enter password (if necessary) and click OK, you should now see the screen below ...




    This time, select Startup Repair. Note: Startup repair sometimes takes three times. The first time you run it, it attempts to repair any system level corruption via SFC /SCANNOW. The second time it runs, it checks the hard disk for bad sectors and a corrupted file system. This is usually the longer of the three runs. The third time it runs, it tries to use a system restore point to replace a possibly damaged registry.

    Since it is unknown whether the problem was caused by McAfee or something else, if you have the opportunity to select a restore point, I suggest using a date prior to McAfee removing the files, as the trojan identified is a number of years old. The main thing is to see if we can get your computer up and running again and then we'll deal with any infection.



  7. #7

    Re: Artemis Trojan

    System restores have been unsuccessful. I have Dell DataSafe with an option to reset back to factory defaults but without affecting data; are you familiar with this feature?

  8. #8
    Corrine

    Re: Artemis Trojan

    I've seen that it is a Dell feature but have never used a Dell computer. Since it will reset to factory defaults, you may want to try a very nice recovery Linux LiveCD called Trinity Rescue Kit to retrieve files from dead/dying/infected computers, and to also do some virus scanning as well as removing passwords, etc. You can get it from here: Trinity Rescue Kit.

    In the meantime, I'll ask if anyone has any other suggestions for you to try first. Another member and I believe that the 8b66cd9be5c7a4f2.sys driver is malware and tied to the problem.



  9. #9

    Re: Artemis Trojan

    I assume I would start with bootsector repair?

  10. #10
    Corrine

    Re: Artemis Trojan

    Here's a question first. A member of the team (thanks, BrianDrab) wonders if perhaps you inadvertently tried to use the wrong version of FRST. With a 64-bit operating system, you need to use FRST 64. If you used the wrong version, please try the instructions from post #43 above again to use the Farbar Recovery Scan Tool.

    A quick repost of the instructions:

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



  11. #11

    Re: Artemis Trojan

    Output from frst64


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
    Ran by SYSTEM on MININT-J3UB2EQ on 24-07-2015 11:40:37
    Running from C:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-03-09] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8926016 2015-03-09] (Space Sciences Laboratory)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
    HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-04-07] (McAfee, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-24] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [711536280] => C:\ProgramData\msrllq.exe [52736 2010-11-20] ()
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\Orrin JNR\...\Run: [Google Update] => C:\Users\Orrin JNR\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-15] (Google Inc.)
    HKU\Thomas\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
    HKU\Thomas\...\Run: [Amazon Music] => C:\Users\Thomas\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
    HKU\Thomas\...\Run: [OneDrive] => C:\Users\Thomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
    HKU\Thomas\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Thomas\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
    HKU\Thomas\...\Run: [**3fc8a7d2<*>] => mshta javascript:Ms3ZRq7u="V";g1l9=new%20ActiveXObject("WScript.Shell");ZolWKzx5R="EN4hV7";wNvs09=g1l9.RegRead("HKCU\\software\\0c778563\\2d0e539a");Zyilg2gbV="hhx";eval(wNvs09);UeEVVe2o7="LbiEUgXF"; <===== ATTENTION (Value Name with invalid characters)
    HKU\Thomas\...\Run: [**fdb291dc<*>] => mshta javascript:X2USNjN5="K1v";V22z=new%20ActiveXObject("WScript.Shell");B2kFNQdtA9="IqT";eO11jM=V22z.RegRead("HKCU\\software\\0c778563\\2d0e539a");c3NvvUZAl="Q";eval(eO11jM);gVac7qe="v7DcfT"; <===== ATTENTION (Value Name with invalid characters)
    HKU\Thomas\...\Run: [d3dxawex] => C:\Users\Thomas\AppData\Roaming\C_G1awex.exe [266240 2015-07-13] ()
    HKU\Thomas\...\Run: [DifhAvud] => regsvr32.exe "C:\ProgramData\DifhAvud\AixpIvum.nyz"
    HKU\Thomas\...\Run: [FireFoxUpdServeisSystem] => C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis\Microsoft_naragugica.exe [77312 2015-07-14] ()
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-18] (Microsoft Corporation)
    S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-07-03] (McAfee, Inc.)
    S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
    S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
    S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
    S2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 syshost32; C:\Windows\Installer\{269A4ED8-3094-6D54-48F0-3CC425AC5ECE}\syshost.exe [196923 2015-07-14] ()
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 NetworkHostSrv; "C:\ProgramData\Online\sv.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S0 8b66cd9be5c7a4f2; C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys [94152 2015-07-14] () <===== ATTENTION Necurs Rootkit?
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-03-27] (McAfee, Inc.)
    S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    S0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
    S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-03] (Duplex Secure Ltd.)
    S1 fqjnrwka; \??\C:\Windows\system32\drivers\fqjnrwka.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-24 11:40 - 2015-07-24 11:40 - 00000000 _____ C:\FRST.txt
    2015-07-24 11:36 - 2015-07-24 11:40 - 00000000 ____D C:\FRST
    2015-07-23 01:37 - 2015-07-23 01:37 - 02135552 _____ (Farbar) C:\frst64.exe
    2015-07-21 13:08 - 2015-07-21 13:08 - 06420480 _____ C:\Program Files (x86)\GUTD3D3.tmp
    2015-07-21 12:29 - 2015-07-21 12:25 - 00002289 _____ C:\Users\Thomas\Desktop\SFCFix.zip
    2015-07-21 12:24 - 2015-07-21 12:25 - 00002289 _____ C:\Users\Thomas\Downloads\SFCFix.zip
    2015-07-18 19:31 - 2015-07-22 19:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\tor
    2015-07-17 14:37 - 2015-07-21 12:51 - 00000000 ____D C:\Users\Thomas\AppData\Local\niemiro
    2015-07-17 05:03 - 2015-07-17 05:03 - 00000387 _____ C:\Users\Thomas\Desktop\copy.txt
    2015-07-17 04:56 - 2015-07-17 04:57 - 00000000 ____D C:\Users\Thomas\copy
    2015-07-17 04:55 - 2015-07-17 04:55 - 00000000 ____D C:\Users\Thomas\Downloads\Copy
    2015-07-17 03:11 - 2015-07-21 12:51 - 00003148 _____ C:\Users\Thomas\Desktop\SFCFix.txt
    2015-07-17 03:11 - 2015-07-21 12:51 - 00000000 ____D C:\SFCFix
    2015-07-17 02:50 - 2015-07-17 02:55 - 00003212 _____ C:\Users\Thomas\sfcdetails.txt
    2015-07-15 23:06 - 2015-07-15 23:06 - 00000000 ____D C:\Quarantine
    2015-07-15 22:56 - 2015-07-17 03:37 - 00000000 ____D C:\Program Files (x86)\stinger
    2015-07-15 22:55 - 2015-07-22 19:41 - 00000000 ____D C:\Users\Thomas\Downloads\stinger32-epo
    2015-07-15 13:35 - 2015-07-15 13:35 - 00000000 ____D C:\Users\Thomas\Desktop\McAfee File Lock
    2015-07-15 12:14 - 2015-07-15 13:18 - 00095802 _____ C:\Users\Thomas\Desktop\sfcdetails.txt
    2015-07-15 11:58 - 2015-07-15 11:58 - 00000000 ____D C:\Users\Thomas\McAfee File Lock
    2015-07-14 03:26 - 2015-07-14 03:26 - 00094152 _____ C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys
    2015-07-14 03:26 - 2015-07-14 03:26 - 00000342 _____ C:\Windows\PFRO.log
    2015-07-14 03:22 - 2015-07-23 23:27 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis
    2015-07-14 03:22 - 2015-07-14 03:22 - 00000064 _____ C:\Users\Thomas\AppData\Roaming\$FFFCB712AC.sys
    2015-07-13 12:45 - 2015-07-14 03:26 - 00000112 _____ C:\Windows\setupact.log
    2015-07-13 12:45 - 2015-07-13 12:45 - 00000000 _____ C:\Windows\setuperr.log
    2015-07-13 12:16 - 2015-07-13 12:16 - 00000000 ____D C:\Windows\System32\McAfee File Lock
    2015-07-13 09:46 - 2015-07-13 09:46 - 00000000 ____D C:\ProgramData\DifhAvud
    2015-07-13 05:48 - 2015-07-13 08:49 - 00266240 _____ C:\Users\Thomas\AppData\Roaming\C_G1awex.exe
    2015-07-13 02:12 - 2015-07-13 02:14 - 00000157 _____ C:\Users\Thomas\AppData\Local\svcxdcl32.dat
    2015-07-13 02:11 - 2015-07-14 03:22 - 00000000 _____ C:\Users\Thomas\AppData\Local\svcxdcl32.exe
    2015-07-13 02:11 - 2015-07-13 02:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2015-07-03 06:35 - 2015-07-12 10:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-28 10:52 - 2015-06-29 01:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
    2015-06-28 10:50 - 2015-06-28 10:50 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-06-28 10:50 - 2015-06-28 10:50 - 00001032 _____ C:\ProgramData\Desktop\VLC media player.lnk
    2015-06-28 10:49 - 2015-06-28 10:49 - 28849904 _____ C:\Users\Thomas\Downloads\vlc-2.2.1-win32.exe
    2015-06-28 10:49 - 2015-06-28 10:49 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-23 23:28 - 2014-12-09 19:22 - 00000000 ____D C:\Windows\System32\appraiser
    2015-07-23 23:28 - 2014-08-09 05:12 - 00000000 ____D C:\users\Guest
    2015-07-23 23:28 - 2014-05-06 18:00 - 00000000 ___SD C:\Windows\System32\CompatTel
    2015-07-23 23:28 - 2012-07-15 07:50 - 00000000 ____D C:\users\Orrin JNR
    2015-07-23 23:28 - 2012-05-08 08:58 - 00000000 ____D C:\users\Thomas
    2015-07-23 23:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
    2015-07-23 23:27 - 2015-05-15 23:52 - 00000000 __RSD C:\Users\Thomas\Documents\McAfee Vaults
    2015-07-23 23:27 - 2015-04-04 18:00 - 00000000 ___SD C:\Windows\System32\GWX
    2015-07-23 23:27 - 2014-05-14 11:23 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype
    2015-07-23 23:27 - 2012-11-29 11:21 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
    2015-07-23 23:27 - 2012-05-09 12:20 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2015-07-23 23:27 - 2012-05-01 03:52 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2015-07-23 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2015-07-23 23:23 - 2012-05-08 09:19 - 00000000 ____D C:\ProgramData\BOINC
    2015-07-23 23:22 - 2015-04-04 02:39 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-07-23 23:22 - 2012-05-01 04:08 - 00000000 ____D C:\Program Files\mcafee
    2015-07-22 10:20 - 2012-05-01 04:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2015-07-22 10:20 - 2012-05-01 04:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2015-07-22 10:05 - 2013-10-23 06:27 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-07-21 12:57 - 2012-05-01 04:15 - 00000000 ____D C:\ProgramData\Sonic
    2015-07-15 19:47 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2015-07-14 14:58 - 2012-05-08 09:00 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
    2015-07-14 14:17 - 2013-03-28 13:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-14 14:06 - 2012-09-02 09:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-14 13:17 - 2013-03-28 13:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-14 13:17 - 2012-05-01 03:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-14 13:17 - 2012-05-01 03:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-14 12:49 - 2012-07-15 12:24 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3274687172-3602840966-2228239552-1006Core.job
    2015-07-14 09:06 - 2012-09-02 09:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-14 03:42 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-14 03:42 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-14 03:26 - 2009-07-13 21:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-07-14 03:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-13 19:42 - 2015-04-04 02:44 - 00004978 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trustno1-Thomas trustno1
    2015-07-13 12:46 - 2012-12-22 03:26 - 00000000 ___RD C:\Users\Thomas\SkyDrive
    2015-07-13 10:53 - 2015-05-15 23:49 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-07-13 10:53 - 2014-08-21 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-07-13 05:00 - 2012-05-09 05:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
    2015-07-13 05:00 - 2012-05-08 09:00 - 00003450 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
    2015-07-12 09:07 - 2009-07-13 21:13 - 00006506 _____ C:\Windows\System32\PerfStringBackup.INI
    2015-07-12 09:00 - 2012-05-08 09:00 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2015-07-12 08:47 - 2014-11-12 00:47 - 00000000 __SHD C:\Users\Thomas\AppData\Local\EmieBrowserModeList
    2015-07-12 08:47 - 2014-04-30 09:30 - 00000000 __SHD C:\Users\Thomas\AppData\Local\EmieUserList
    2015-07-12 08:47 - 2014-04-30 09:30 - 00000000 __SHD C:\Users\Thomas\AppData\Local\EmieSiteList
    2015-07-04 19:00 - 2012-05-08 09:00 - 00004268 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2015-07-02 12:51 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-06-26 03:30 - 2014-11-09 11:44 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-06-26 03:30 - 2012-05-01 03:54 - 00000000 ____D C:\ProgramData\Skype
    Files to move or delete:
    ====================
    C:\ProgramData\msrllq.exe

    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== Restore Points =========================
    Restore point made on: 2015-07-14 15:00:12
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8104.63 MB
    Available physical RAM: 7220.89 MB
    Total Virtual: 8102.83 MB
    Available Virtual: 7193.83 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:145.58 GB) NTFS
    Drive g: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEA298C)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

    LastRegBack: 2015-07-14 03:56
    ==================== End of log ============================
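
An added example, not part of the thread and not FRST's own logic: a small Python triage pass over FRST-style Run and service/driver lines that flags the persistence patterns visible in the log above (mshta script launchers, regsvr32 pointed at a non-DLL file, company-less binaries in user-writable folders, hex-named drivers, missing targets). The heuristics, function names and sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample lines in the FRST log layout (names and paths are made up).
SAMPLE_LOG = r"""
HKLM\...\Run: [VendorTray] => C:\Program Files\Vendor\tray.exe [68928 2015-03-09] (Example Vendor Inc.)
HKU\User\...\Run: [**aaaa1111<*>] => mshta javascript:x=new%20ActiveXObject("WScript.Shell");eval(x.RegRead("HKCU\\software\\example\\value")); <===== ATTENTION (Value Name with invalid characters)
HKU\User\...\Run: [Loader] => regsvr32.exe "C:\ProgramData\Example\module.xyz"
HKU\User\...\Run: [Updater] => C:\Users\User\AppData\Roaming\Example\updater.exe [77312 2015-07-14] ()
HKLM-x32\...\Run: [] => [X]
S2 VendorSvc; C:\Program Files\Vendor\svc.exe [340744 2015-04-02] (Example Vendor Inc.)
S0 0123456789abcdef; C:\Windows\System32\Drivers\0123456789abcdef.sys [94152 2015-07-14] ()
S3 OldDriver; system32\DRIVERS\olddriver.sys [X]
"""

# "<key>: [<value name>] => <command or path>"
RUN_RE = re.compile(r'^(?P<key>HK[^:]*Run(?:Once)?): \[(?P<name>.*?)\] => (?P<data>.*)$')
# "<state letter><start type> <service name>; <image path>"
SVC_RE = re.compile(r'^(?P<state>[SR][0-4]) (?P<name>[^;]+); (?P<data>.*)$')
# "<path> [<size> <date>] (<company>)"
META_RE = re.compile(r'^(?P<path>.*?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\)')
USER_WRITABLE = re.compile(r'\\(appdata|programdata)\\', re.I)
HEX_NAME = re.compile(r'[0-9a-f]{8,}', re.I)


def parse_line(line):
    """Return (name, data, frst_flag) for a Run or service/driver line, else None."""
    m = RUN_RE.match(line.strip()) or SVC_RE.match(line.strip())
    if not m:
        return None
    # FRST appends its own warnings after "<====="; split them off the data.
    data, _, marker = m.group("data").partition("<=====")
    return m.group("name").strip(), data.strip(), "ATTENTION" in marker


def reasons_for(name, data, frst_flag):
    """Apply the (assumed) heuristics to one parsed entry."""
    reasons = []
    low = data.lower()
    if frst_flag:
        reasons.append("marked ATTENTION by FRST")
    if data.endswith("[X]"):
        reasons.append("target file missing (orphaned entry)")
    if re.match(r'^"?mshta(\.exe)?"?\s+(javascript|vbscript):', low):
        reasons.append("script executed through mshta")
    m = re.match(r'^"?(?:.*\\)?regsvr32(?:\.exe)?"?\s+(.+)$', low)
    if m:
        quoted = re.search(r'"([^"]+)"\s*$', m.group(1))
        target = quoted.group(1) if quoted else m.group(1).split()[-1]
        if ntpath.splitext(target)[1] not in (".dll", ".ocx"):
            reasons.append("regsvr32 loading a non-DLL file")
    meta = META_RE.match(data)
    if meta and not meta.group("company").strip():
        if USER_WRITABLE.search(meta.group("path")):
            reasons.append("no company name, user-writable path")
        if HEX_NAME.fullmatch(name):
            reasons.append("hex-only name with no company")
    return reasons


def triage(log_text):
    """Return [(entry name, [reasons])] for every line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            reasons = reasons_for(*parsed)
            if reasons:
                findings.append((parsed[0], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] " + "; ".join(reasons))
```

A hit is a prompt for review, not a verdict: a missing-file entry is usually just an orphan left by an uninstalled program, and a blank company field only means the file carries no version information.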

  12. #12
    Corrine

    Re: Artemis Trojan

    That is one nasty infection on your computer. It is important for you to note up front that this family of malware works together to download other malware and can also give a malicious hacker backdoor access and control of your PC. I'll do my best to help you clean your computer.

    • Click Start
    • Type notepad.exe in the search programs and files box and click Enter.
    • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.

    Code:
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer\Run: [711536280] => C:\ProgramData\msrllq.exe [52736 2010-11-20] ()
    HKU\Thomas\...\Run: [**3fc8a7d2<*>] => mshta javascript:Ms3ZRq7u="V";g1l9=new%20ActiveXObject("WScript.Shell");ZolWKzx5R="EN4hV7";wNvs09=g1l9.RegRead("HKCU\\software\\0c778563\\2d0e539a");Zyilg2gbV="hhx";eval(wNvs09);UeEVVe2o7="LbiEUgXF"; <===== ATTENTION (Value Name with invalid characters)
    HKU\Thomas\...\Run: [**fdb291dc<*>] => mshta javascript:X2USNjN5="K1v";V22z=new%20ActiveXObject("WScript.Shell");B2kFNQdtA9="IqT";eO11jM=V22z.RegRead("HKCU\\software\\0c778563\\2d0e539a");c3NvvUZAl="Q";eval(eO11jM);gVac7qe="v7DcfT"; <===== ATTENTION (Value Name with invalid characters)
    HKU\Thomas\...\Run: [d3dxawex] => C:\Users\Thomas\AppData\Roaming\C_G1awex.exe [266240 2015-07-13] ()
    HKU\Thomas\...\Run: [DifhAvud] => regsvr32.exe "C:\ProgramData\DifhAvud\AixpIvum.nyz"
    HKU\Thomas\...\Run: [FireFoxUpdServeisSystem] => C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis\Microsoft_naragugica.exe [77312 2015-07-14] ()
    S2 NetworkHostSrv; "C:\ProgramData\Online\sv.exe" [X]
    S0 8b66cd9be5c7a4f2; C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys [94152 2015-07-14] () <===== ATTENTION Necurs Rootkit?
    S1 fqjnrwka; \??\C:\Windows\system32\drivers\fqjnrwka.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    2015-07-21 13:08 - 2015-07-21 13:08 - 06420480 _____ C:\Program Files (x86)\GUTD3D3.tmp
    2015-07-18 19:31 - 2015-07-22 19:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\tor
    2015-07-14 03:26 - 2015-07-14 03:26 - 00094152 _____ C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys
    2015-07-14 03:22 - 2015-07-23 23:27 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis
    2015-07-14 03:22 - 2015-07-14 03:22 - 00000064 _____ C:\Users\Thomas\AppData\Roaming\$FFFCB712AC.sys
    2015-07-13 09:46 - 2015-07-13 09:46 - 00000000 ____D C:\ProgramData\DifhAvud
    2015-07-13 05:48 - 2015-07-13 08:49 - 00266240 _____ C:\Users\Thomas\AppData\Roaming\C_G1awex.exe
    2015-07-13 02:12 - 2015-07-13 02:14 - 00000157 _____ C:\Users\Thomas\AppData\Local\svcxdcl32.dat
    2015-07-13 02:11 - 2015-07-14 03:22 - 00000000 _____ C:\Users\Thomas\AppData\Local\svcxdcl32.exe
    2015-07-13 02:11 - 2015-07-13 02:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    C:\ProgramData\msrllq.exe
    • Save it to your USB flashdrive as fixlist.txt


    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

    Boot into Recovery Environment

    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt on your USB flashdrive.
    • Exit out of Recovery Environment and copy/paste the log please.



  13. #13

    Re: Artemis Trojan

    Fixlog.txt



    Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
    Ran by SYSTEM at 2015-07-24 16:10:57 Run:1
    Running from C:\
    Boot Mode: Recovery
    ==============================================
    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer\Run: [711536280] => C:\ProgramData\msrllq.exe [52736 2010-11-20] ()
    HKU\Thomas\...\Run: [**3fc8a7d2<*>] => mshta javascript:Ms3ZRq7u="V";g1l9=new%20ActiveXObject("WScript.Shell");ZolWKzx5R="EN4hV7";wNvs09=g1l9.RegRead("HKCU\\software\\0c778563\\2d0e539a");Zyilg2gbV="hhx";eval(wNvs09);UeEVVe2o7="LbiEUgXF"; <===== ATTENTION (Value Name with invalid characters)
    HKU\Thomas\...\Run: [**fdb291dc<*>] => mshta javascript:X2USNjN5="K1v";V22z=new%20ActiveXObject("WScript.Shell");B2kFNQdtA9="IqT";eO11jM=V22z.RegRead("HKCU\\software\\0c778563\\2d0e539a");c3NvvUZAl="Q";eval(eO11jM);gVac7qe="v7DcfT"; <===== ATTENTION (Value Name with invalid characters)
    HKU\Thomas\...\Run: [d3dxawex] => C:\Users\Thomas\AppData\Roaming\C_G1awex.exe [266240 2015-07-13] ()
    HKU\Thomas\...\Run: [DifhAvud] => regsvr32.exe "C:\ProgramData\DifhAvud\AixpIvum.nyz"
    HKU\Thomas\...\Run: [FireFoxUpdServeisSystem] => C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis\Microsoft_naragugica.exe [77312 2015-07-14] ()
    S2 NetworkHostSrv; "C:\ProgramData\Online\sv.exe" [X]
    S0 8b66cd9be5c7a4f2; C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys [94152 2015-07-14] () <===== ATTENTION Necurs Rootkit?
    S1 fqjnrwka; \??\C:\Windows\system32\drivers\fqjnrwka.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    2015-07-21 13:08 - 2015-07-21 13:08 - 06420480 _____ C:\Program Files (x86)\GUTD3D3.tmp
    2015-07-18 19:31 - 2015-07-22 19:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\tor
    2015-07-14 03:26 - 2015-07-14 03:26 - 00094152 _____ C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys
    2015-07-14 03:22 - 2015-07-23 23:27 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis
    2015-07-14 03:22 - 2015-07-14 03:22 - 00000064 _____ C:\Users\Thomas\AppData\Roaming\$FFFCB712AC.sys
    2015-07-13 09:46 - 2015-07-13 09:46 - 00000000 ____D C:\ProgramData\DifhAvud
    2015-07-13 05:48 - 2015-07-13 08:49 - 00266240 _____ C:\Users\Thomas\AppData\Roaming\C_G1awex.exe
    2015-07-13 02:12 - 2015-07-13 02:14 - 00000157 _____ C:\Users\Thomas\AppData\Local\svcxdcl32.dat
    2015-07-13 02:11 - 2015-07-14 03:22 - 00000000 _____ C:\Users\Thomas\AppData\Local\svcxdcl32.exe
    2015-07-13 02:11 - 2015-07-13 02:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    C:\ProgramData\msrllq.exe
    *****************
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\711536280 => value removed successfully
    HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\**3fc8a7d2<*> => value removed successfully
    HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\**fdb291dc<*> => value removed successfully
    HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\d3dxawex => value removed successfully
    HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\DifhAvud => value removed successfully
    HKU\Thomas\Software\Microsoft\Windows\CurrentVersion\Run\\FireFoxUpdServeisSystem => value removed successfully
    NetworkHostSrv => Service removed successfully
    8b66cd9be5c7a4f2 => Service removed successfully
    fqjnrwka => Service removed successfully
    MBAMSwissArmy => Service removed successfully
    PcdrNdisuio => Service removed successfully
    VBoxNetFlt => Service removed successfully
    C:\Program Files (x86)\GUTD3D3.tmp => moved successfully.
    C:\Users\Thomas\AppData\Roaming\tor => moved successfully.
    C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys => moved successfully.
    C:\Users\Thomas\AppData\Roaming\FireFoxUpdServeis => moved successfully.
    C:\Users\Thomas\AppData\Roaming\$FFFCB712AC.sys => moved successfully.
    C:\ProgramData\DifhAvud => moved successfully.
    C:\Users\Thomas\AppData\Roaming\C_G1awex.exe => moved successfully.
    C:\Users\Thomas\AppData\Local\svcxdcl32.dat => moved successfully.
    C:\Users\Thomas\AppData\Local\svcxdcl32.exe => moved successfully.
    C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => moved successfully.
    C:\ProgramData\msrllq.exe => moved successfully.
    ==== End of Fixlog 16:10:58 ====

  14. #14
    Corrine

    Re: Artemis Trojan

    Are you still in a loop or can you start the computer normally now?

    If you can start the computer normally, please do the following:

    • Download Malwarebytes Anti-Rootkit from HERE
    • Unzip the contents to a folder in a convenient location, preferably the desktop.
    • Open the folder where the contents were unzipped and run mbar.exe. Note: If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. Click Yes.
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt



  15. #15

    Re: Artemis Trojan

    The PC is still not booting, appears to be in the same loop. :-(

    I am seeing the following:

    Problem Signature 07: CorruptFile
    Last edited by ot008239; 07-24-2015 at 05:25 PM. Reason: STA

  16. #16
    Corrine

    Re: Artemis Trojan

    Please provide a fresh FRST log.

    Plug the flash drive you prepared previously into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



  17. #17

    Re: Artemis Trojan

    Corrine

    Thanks for your help thus far, output frst64 below:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
    Ran by SYSTEM on MININT-7F955RL on 24-07-2015 23:05:03
    Running from C:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-03-09] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8926016 2015-03-09] (Space Sciences Laboratory)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
    HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-04-07] (McAfee, Inc.)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-24] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\Orrin JNR\...\Run: [Google Update] => C:\Users\Orrin JNR\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-15] (Google Inc.)
    HKU\Thomas\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
    HKU\Thomas\...\Run: [Amazon Music] => C:\Users\Thomas\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
    HKU\Thomas\...\Run: [OneDrive] => C:\Users\Thomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
    HKU\Thomas\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Thomas\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-18] (Microsoft Corporation)
    S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-07-03] (McAfee, Inc.)
    S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
    S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
    S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
    S2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S2 syshost32; C:\Windows\Installer\{269A4ED8-3094-6D54-48F0-3CC425AC5ECE}\syshost.exe [196923 2015-07-14] ()
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-03-27] (McAfee, Inc.)
    S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    S0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
    S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-03] (Duplex Secure Ltd.)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-24 11:40 - 2015-07-24 23:05 - 00000000 _____ C:\FRST.txt
    2015-07-24 11:36 - 2015-07-24 23:05 - 00000000 ____D C:\FRST
    2015-07-23 01:37 - 2015-07-23 01:37 - 02135552 _____ (Farbar) C:\frst64.exe
    2015-07-21 12:29 - 2015-07-21 12:25 - 00002289 _____ C:\Users\Thomas\Desktop\SFCFix.zip
    2015-07-21 12:24 - 2015-07-21 12:25 - 00002289 _____ C:\Users\Thomas\Downloads\SFCFix.zip
    2015-07-17 14:37 - 2015-07-21 12:51 - 00000000 ____D C:\Users\Thomas\AppData\Local\niemiro
    2015-07-17 05:03 - 2015-07-17 05:03 - 00000387 _____ C:\Users\Thomas\Desktop\copy.txt
    2015-07-17 04:56 - 2015-07-17 04:57 - 00000000 ____D C:\Users\Thomas\copy
    2015-07-17 04:55 - 2015-07-17 04:55 - 00000000 ____D C:\Users\Thomas\Downloads\Copy
    2015-07-17 03:11 - 2015-07-21 12:51 - 00003148 _____ C:\Users\Thomas\Desktop\SFCFix.txt
    2015-07-17 03:11 - 2015-07-21 12:51 - 00000000 ____D C:\SFCFix
    2015-07-17 02:50 - 2015-07-17 02:55 - 00003212 _____ C:\Users\Thomas\sfcdetails.txt
    2015-07-15 23:06 - 2015-07-15 23:06 - 00000000 ____D C:\Quarantine
    2015-07-15 22:56 - 2015-07-17 03:37 - 00000000 ____D C:\Program Files (x86)\stinger
    2015-07-15 22:55 - 2015-07-22 19:41 - 00000000 ____D C:\Users\Thomas\Downloads\stinger32-epo
    2015-07-15 13:35 - 2015-07-15 13:35 - 00000000 ____D C:\Users\Thomas\Desktop\McAfee File Lock
    2015-07-15 12:14 - 2015-07-15 13:18 - 00095802 _____ C:\Users\Thomas\Desktop\sfcdetails.txt
    2015-07-15 11:58 - 2015-07-15 11:58 - 00000000 ____D C:\Users\Thomas\McAfee File Lock
    2015-07-14 03:26 - 2015-07-14 03:26 - 00000342 _____ C:\Windows\PFRO.log
    2015-07-13 12:45 - 2015-07-14 03:26 - 00000112 _____ C:\Windows\setupact.log
    2015-07-13 12:45 - 2015-07-13 12:45 - 00000000 _____ C:\Windows\setuperr.log
    2015-07-13 12:16 - 2015-07-13 12:16 - 00000000 ____D C:\Windows\System32\McAfee File Lock
    2015-07-03 06:35 - 2015-07-12 10:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-28 10:52 - 2015-06-29 01:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
    2015-06-28 10:50 - 2015-06-28 10:50 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-06-28 10:50 - 2015-06-28 10:50 - 00001032 _____ C:\ProgramData\Desktop\VLC media player.lnk
    2015-06-28 10:49 - 2015-06-28 10:49 - 28849904 _____ C:\Users\Thomas\Downloads\vlc-2.2.1-win32.exe
    2015-06-28 10:49 - 2015-06-28 10:49 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-23 23:28 - 2014-12-09 19:22 - 00000000 ____D C:\Windows\System32\appraiser
    2015-07-23 23:28 - 2014-08-09 05:12 - 00000000 ____D C:\users\Guest
    2015-07-23 23:28 - 2014-05-06 18:00 - 00000000 ___SD C:\Windows\System32\CompatTel
    2015-07-23 23:28 - 2012-07-15 07:50 - 00000000 ____D C:\users\Orrin JNR
    2015-07-23 23:28 - 2012-05-08 08:58 - 00000000 ____D C:\users\Thomas
    2015-07-23 23:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
    2015-07-23 23:27 - 2015-05-15 23:52 - 00000000 __RSD C:\Users\Thomas\Documents\McAfee Vaults
    2015-07-23 23:27 - 2015-04-04 18:00 - 00000000 ___SD C:\Windows\System32\GWX
    2015-07-23 23:27 - 2014-05-14 11:23 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype
    2015-07-23 23:27 - 2012-11-29 11:21 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
    2015-07-23 23:27 - 2012-05-09 12:20 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2015-07-23 23:27 - 2012-05-01 03:52 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2015-07-23 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2015-07-23 23:23 - 2012-05-08 09:19 - 00000000 ____D C:\ProgramData\BOINC
    2015-07-23 23:22 - 2015-04-04 02:39 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-07-23 23:22 - 2012-05-01 04:08 - 00000000 ____D C:\Program Files\mcafee
    2015-07-22 10:20 - 2012-05-01 04:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2015-07-22 10:20 - 2012-05-01 04:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2015-07-22 10:05 - 2013-10-23 06:27 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-07-21 12:57 - 2012-05-01 04:15 - 00000000 ____D C:\ProgramData\Sonic
    2015-07-15 19:47 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2015-07-14 14:58 - 2012-05-08 09:00 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
    2015-07-14 14:17 - 2013-03-28 13:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-14 14:06 - 2012-09-02 09:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-14 13:17 - 2013-03-28 13:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-14 13:17 - 2012-05-01 03:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-14 13:17 - 2012-05-01 03:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-14 12:49 - 2012-07-15 12:24 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3274687172-3602840966-2228239552-1006Core.job
    2015-07-14 09:06 - 2012-09-02 09:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-14 03:42 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-14 03:42 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-14 03:26 - 2009-07-13 21:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-07-14 03:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-13 19:42 - 2015-04-04 02:44 - 00004978 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trustno1-Thomas trustno1
    2015-07-13 12:46 - 2012-12-22 03:26 - 00000000 ___RD C:\Users\Thomas\SkyDrive
    2015-07-13 10:53 - 2015-05-15 23:49 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-07-13 10:53 - 2014-08-21 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-07-13 05:00 - 2012-05-09 05:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
    2015-07-13 05:00 - 2012-05-08 09:00 - 00003450 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
    2015-07-12 09:07 - 2009-07-13 21:13 - 00006506 _____ C:\Windows\System32\PerfStringBackup.INI
    2015-07-12 09:00 - 2012-05-08 09:00 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2015-07-12 08:47 - 2014-11-12 00:47 - 00000000 __SHD C:\Users\Thomas\AppData\Local\EmieBrowserModeList
    2015-07-12 08:47 - 2014-04-30 09:30 - 00000000 __SHD C:\Users\Thomas\AppData\Local\EmieUserList
    2015-07-12 08:47 - 2014-04-30 09:30 - 00000000 __SHD C:\Users\Thomas\AppData\Local\EmieSiteList
    2015-07-04 19:00 - 2012-05-08 09:00 - 00004268 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2015-07-02 12:51 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-06-26 03:30 - 2014-11-09 11:44 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-06-26 03:30 - 2012-05-01 03:54 - 00000000 ____D C:\ProgramData\Skype
    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== Restore Points =========================
    Restore point made on: 2015-07-14 15:00:12
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8104.63 MB
    Available physical RAM: 7266.64 MB
    Total Virtual: 8102.83 MB
    Available Virtual: 7259.28 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:145.41 GB) NTFS
    Drive d: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    Drive g: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive h: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:462.85 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEA298C)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 35E8B3A5)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    LastRegBack: 2015-07-14 03:56
    ==================== End of log ============================

  18. #18
    Corrine

    Re: Artemis Trojan

    I see it now! Give me some time to go over the log more closely and then I'll provide new instructions.



  19. #19

    Re: Artemis Trojan

    Oh ok!!

    Is this the line?

    S2 syshost32; C:\Windows\Installer\{269A4ED8-3094-6D54-48F0-3CC425AC5ECE}\syshost.exe [196923 2015-07-14] ()

  20. #20
    Corrine

    Re: Artemis Trojan

    You have a good eye. Yes, that is it but I want to check some other things as well. It goes by the name "Necurs" but other files I had seen in your previous log referenced a backdoor bot.


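An added triage example (not part of the original thread, and not FRST's own logic) showing why the `syshost32` line picked out in posts #19 and #20 stands out from the vendor services around it. The heuristics, function names and the two-reason threshold are assumptions of this example; the sample lines are copied from the logs posted in this thread, with the mshta value abbreviated.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the FRST logs in this thread (mshta command abbreviated).
SAMPLE_LOG = r"""
HKU\Thomas\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
HKU\Thomas\...\Run: [d3dxawex] => C:\Users\Thomas\AppData\Roaming\C_G1awex.exe [266240 2015-07-13] ()
HKU\Thomas\...\Run: [DifhAvud] => regsvr32.exe "C:\ProgramData\DifhAvud\AixpIvum.nyz"
HKU\Thomas\...\Run: [**3fc8a7d2<*>] => mshta javascript:... <===== ATTENTION (Value Name with invalid characters)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 syshost32; C:\Windows\Installer\{269A4ED8-3094-6D54-48F0-3CC425AC5ECE}\syshost.exe [196923 2015-07-14] ()
S0 8b66cd9be5c7a4f2; C:\Windows\System32\Drivers\8b66cd9be5c7a4f2.sys [94152 2015-07-14] () <===== ATTENTION Necurs Rootkit?
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-03] (Duplex Secure Ltd.)
S1 fqjnrwka; \??\C:\Windows\system32\drivers\fqjnrwka.sys [X]
"""

RUN_RE = re.compile(r"^(?P<key>HK.*?Run(?:Once)?): \[(?P<name>.*?)\] => (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<state>[SRU][0-5]) (?P<name>[^;]+); (?P<rest>.*)$")
# "[size date] (Company)" trailer that FRST appends when the file exists.
META_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*?)\)")

# Heuristics below are assumptions of this example, not rules used by FRST.
UNUSUAL_DIR = re.compile(
    r"\\(?:AppData|ProgramData)\\|\\Windows\\Installer\\\{[0-9A-F-]{36}\}\\", re.I)
SCRIPT_HOST = re.compile(r"^(?:mshta|regsvr32|rundll32|wscript|cscript)(?:\.exe)?\b", re.I)
RANDOM_HEX = re.compile(r"[0-9a-f]{16}")


@dataclass
class Entry:
    kind: str                 # "run" or the service state code, e.g. "S2"
    name: str
    command: str
    company: Optional[str]    # None when FRST printed no "(Company)" trailer
    missing: bool             # FRST marks a missing file with [X]
    frst_note: str            # text after FRST's own "<=====" marker, if any
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if not m:
        return None
    rest, _, note = m["rest"].partition("<=====")
    meta = META_RE.search(rest)
    missing = rest.rstrip().endswith("[X]")
    command = rest[:meta.start()] if meta else rest.replace("[X]", "")
    kind = "run" if m.re is RUN_RE else m["state"]
    return Entry(kind, m["name"], command.strip(),
                 meta.group(3) if meta else None, missing, note.strip())


def score(e: Entry) -> List[str]:
    reasons = []
    if e.company == "":
        reasons.append("no publisher")
    if UNUSUAL_DIR.search(e.command):
        reasons.append("unusual location")
    if e.kind == "run" and SCRIPT_HOST.match(e.command):
        reasons.append("script host in autorun")
    if RANDOM_HEX.fullmatch(e.name):
        reasons.append("random hex name")
    if e.missing:
        reasons.append("file missing")
    if e.frst_note:
        reasons.append("flagged by FRST")
    return reasons


def triage(log_text: str) -> List[Entry]:
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry:
            entry.reasons = score(entry)
            entries.append(entry)
    return entries


def review_queue(entries: List[Entry], threshold: int = 2) -> List[Entry]:
    # Candidates for an analyst to look at, in log order; not a verdict.
    return [e for e in entries if len(e.reasons) >= threshold]


if __name__ == "__main__":
    for e in review_queue(triage(SAMPLE_LOG)):
        print(f"{e.kind:4} {e.name:22} {', '.join(e.reasons)}")
```

The output is a review queue, not a fixlist: legitimate software also installs unsigned binaries under AppData, so each hit still needs the kind of manual check done in this thread.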
