trojan.agent

zechariah · November 28, 2009

Hello. Here are my log files. This trojan sucks.

Malwarebytes' Anti-Malware 1.41

Database version: 3245

Windows 5.1.2600 Service Pack 2

11/28/2009 4:26:26 AM

mbam-log-2009-11-28 (04-26-23).txt

Scan type: Quick Scan

Objects scanned: 105837

Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Zech\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> No action taken.

C:\Documents and Settings\LocalService\ntuser.dll (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Zech\ntuser.dll (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Zech\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.

C:\Documents and Settings\Zech\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-28 04:23:38

Windows 5.1.2600 Service Pack 2

Running: lmivonmn.exe; Driver: C:\DOCUME~1\Zech\LOCALS~1\Temp\awldypow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA8F887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA8F8BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr@imagepath \systemroot\system32\drivers\gasfkyosrvoynp.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main@aid 20063

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main@sid 0

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\delete@C:\DOCUME~1\Zech\LOCALS~1\Temp\gasfkyuocxrevpfm.tmp

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\delete@C:\DOCUME~1\Zech\LOCALS~1\Temp\gasfkytwtspwnrdx.tmp

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\injector@* gasfkywsp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyosrvoynp.sys

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkycmd.dll \systemroot\system32\gasfkyjcptakwk.dll

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkylog.dat \systemroot\system32\gasfkydxsnpuna.dat

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyojilxehr\modules@gasfkywsp.dll \systemroot\system32\gasfkypjnsicob.dll

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xFF 0x28 0xF2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xE2 0x26 0x2C ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x94 0x2A 0xC4 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xFF 0x28 0xF2 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xE2 0x26 0x2C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x94 0x2A 0xC4 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0xFF 0x28 0xF2 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xE2 0x26 0x2C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x94 0x2A 0xC4 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\ntuser.dll 24064 bytes

File C:\Documents and Settings\Zech\ntuser.dll 24064 bytes

File C:\Documents and Settings\Zech\Start Menu\Programs\Startup\scandisk.dll 24064 bytes

File C:\Documents and Settings\Zech\Start Menu\Programs\Startup\scandisk.lnk 647 bytes

File C:\WINDOWS\system32\calc.dll 24064 bytes

---- EOF - GMER 1.0.15 ----

DDS (Ver_09-11-24.02) - NTFSx86

Run by Zech at 3:44:04.75 on Sat 11/28/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1516 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AIM6\aim6.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Zech\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

uRun: [calc] rundll32.exe c:\docume~1\locals~1\ntuser.dll,_IWMPEvents@0

mRun: [nwiz] nwiz.exe /install

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

StartupFolder: c:\docume~1\zech\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zech\applic~1\mozilla\firefox\profiles\e7liyykm.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\documents and settings\zech\application data\mozilla\firefox\profiles\e7liyykm.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - component: c:\program files\mozilla firefox\components\1348490.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-26 64288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-18 24652]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-5-18 37376]

R3 PAC7302;PAC7302 VGA SoC PC-Camera;c:\windows\system32\drivers\PAC7302.SYS [2007-6-14 457856]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

=============== Created Last 30 ================

2009-11-28 11:41:15 192 ----a-w- c:\documents and settings\zech\defogger_renable

2009-11-26 14:45:59 0 d-----w- c:\program files\Trend Micro

2009-11-26 14:26:34 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-11-26 14:01:01 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-11-26 14:00:57 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-26 13:58:55 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-11-26 13:58:40 0 d-----w- c:\program files\Lavasoft

2009-11-25 14:51:42 0 d-----w- c:\windows\pss

2009-11-25 14:03:01 0 ----a-w- c:\windows\system32\18467.exe

==================== Find3M ====================

2009-10-22 23:54:50 82056 ----a-w- c:\windows\fonts\LLCOOPER.TTF

2009-10-19 22:53:45 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys

2009-10-12 22:42:30 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys

2009-10-12 22:42:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2009-10-12 14:14:55 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-10-03 01:44:04 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

============= FINISH: 3:44:28.09 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/17/2009 8:05:06 PM

System Uptime: 11/28/2009 3:42:04 AM (0 hours ago)

Motherboard: ECS | | A780GM-A

Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | CPU 1 | 2200/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 23.592 GiB free.

D: is CDROM (CDFS)

F: is CDROM (UDF)

G: is CDROM (UDF)

I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP51: 10/8/2009 8:40:44 PM - System Checkpoint

RP52: 10/8/2009 8:40:44 PM - System Checkpoint

RP53: 10/8/2009 8:40:44 PM - System Checkpoint

RP54: 10/8/2009 8:40:44 PM - System Checkpoint

RP55: 10/8/2009 8:40:44 PM - System Checkpoint

RP56: 10/10/2009 7:25:26 AM - System Checkpoint

RP57: 10/11/2009 4:51:32 PM - System Checkpoint

RP58: 10/12/2009 7:14:55 AM - SPTD setup V1.60

RP59: 10/12/2009 10:40:18 AM - Unsigned driver install

RP60: 10/12/2009 11:15:28 AM - Installed The Sims 3

RP61: 10/12/2009 11:33:08 AM - Removed The Sims 3

RP62: 10/12/2009 11:34:10 AM - Installed The Sims 3

RP63: 10/12/2009 11:57:41 AM - Removed The Sims 3

RP64: 10/12/2009 12:00:07 PM - Installed The Sims 3

RP65: 10/12/2009 3:31:22 PM - Installed Risen

RP66: 10/13/2009 4:46:35 PM - System Checkpoint

RP67: 10/14/2009 6:16:52 PM - System Checkpoint

RP68: 10/16/2009 2:36:09 AM - System Checkpoint

RP69: 10/17/2009 3:08:34 AM - System Checkpoint

RP70: 10/18/2009 7:01:01 PM - System Checkpoint

RP71: 10/19/2009 7:52:39 PM - System Checkpoint

RP72: 10/21/2009 6:44:23 AM - Installed FKP Demo

RP73: 10/22/2009 6:45:52 AM - System Checkpoint

RP74: 10/23/2009 8:57:59 PM - System Checkpoint

RP75: 10/24/2009 1:49:21 AM - Removed FKP Demo

RP76: 10/25/2009 7:04:43 AM - System Checkpoint

RP77: 10/26/2009 7:53:14 AM - System Checkpoint

RP78: 10/27/2009 2:56:57 PM - System Checkpoint

RP79: 10/28/2009 7:26:21 PM - System Checkpoint

RP80: 10/29/2009 8:23:25 PM - System Checkpoint

RP81: 10/30/2009 9:23:25 PM - System Checkpoint

RP82: 10/31/2009 10:17:10 PM - System Checkpoint

RP83: 11/1/2009 10:19:02 PM - System Checkpoint

RP84: 11/2/2009 11:07:34 PM - System Checkpoint

RP85: 11/4/2009 4:31:11 PM - System Checkpoint

RP86: 11/5/2009 5:22:23 PM - System Checkpoint

RP87: 11/6/2009 5:46:46 PM - System Checkpoint

RP88: 11/7/2009 7:25:50 PM - System Checkpoint

RP89: 11/8/2009 7:53:58 PM - System Checkpoint

RP90: 11/9/2009 8:20:22 PM - System Checkpoint

RP91: 11/10/2009 8:43:58 PM - System Checkpoint

RP92: 11/11/2009 10:42:17 PM - System Checkpoint

RP93: 11/13/2009 1:37:07 AM - System Checkpoint

RP94: 11/14/2009 2:37:10 AM - System Checkpoint

RP95: 11/15/2009 2:47:13 AM - System Checkpoint

RP96: 11/16/2009 3:25:06 AM - System Checkpoint

RP97: 11/17/2009 1:26:00 PM - System Checkpoint

RP98: 11/18/2009 2:21:45 PM - System Checkpoint

RP99: 11/19/2009 3:08:45 PM - System Checkpoint

RP100: 11/20/2009 4:22:40 PM - System Checkpoint

RP101: 11/22/2009 8:12:36 PM - System Checkpoint

RP102: 11/24/2009 1:34:53 AM - System Checkpoint

RP103: 11/25/2009 7:20:01 AM - System Checkpoint

RP104: 11/26/2009 6:36:00 AM - Removed Bonjour

==== Installed Programs ======================

Maurice Naggar · November 30, 2009

This is a duplicate posting. See this topic now in progress http://www.malwarebytes.org/forums/index.p...st&p=162580

This thread is Closed.

Sign In

trojan.agent

Recommended Posts

zechariah

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information